Keep - 23/10/26

# Keep - 23/10/26 ## K8S Alerts Auto Remediation (Auto Runbook) -- 緯創 `opensource` ref: https://home.robusta.dev/use-case/root-cause-analysis :::success * triggers * actions * sinks ::: :::info * Forwarder * Runner * Enrichment (chatGPT) * 圖表訊息、關鍵字查找 ::: :::warning * Auto remediation(自動修復) * Custom Resource Definition * Alert manager - 避免過多不必要的通知 ::: 協同筆記: https://hackmd.io/@k8ssummit/2023/%2F%40k8ssummit%2FHy621Ayfp#Architecture ## K8s 網路除錯所需技能大全 -- SDN :::danger 畫出圖排除不要的抽絲撥繭 ::: From HungWei Chiu's slide :::spoiler ![](https://hackmd.io/_uploads/r1tf7ZOMa.png) ::: --- ## Kubernetes APIs for the Future: Building Platforms and Managing Everything -- Google :::info Applications & infrastructure CRD Kubernetes APIs for your infrastructure 管理多個 cluster Composite Resource Pattern Ex: ClickOps ->GitOps Config Sync ( Project ) ::: ## 打造雲原生世界的資安堡壘 -- Red Hat :::warning * **Base Image** https://catalog.redhat.com/software/base-images * UBI * Standard | minimal | multi service * Pre-Built Language Image * Package subset * Advanced Cluster Security (ACS) * 自動生成網路規則建議 * Pod 之間網路 * DevSecOps ::: ## 幫服務建立觀測性，利用 ITSM 與自動化完成數位企業最後一哩路 -- BMC :::success - Gartner - Q 開頭另外一個行星圖 - 講者形容自家公司 * 歌紅人不紅 * 哈士奇 - ITSM 資訊科技服務管理（英語：IT Service Management，簡稱為IT services，縮寫為ITSM） - Splunk .... etc 環繞 BMC - ServiceOps bridging the gap in ITOM(運維管理)/ITSM 快速定位問題，降低停機 - 收納管理 - 每一次變更造成什麼影響發現&處理一氣呵成 ::: ## Feature Toggle Makes Development more Efficient -- Line :::success * Make Development more efficient * 天下武功 * 唯快不破 * idea 交付 * 範籌成本品質 * === 黃金平衡 === * What ? * Configuration * 改動就部署 -> 怎麼減少 * 寫程式控制 : No ~ * 工程師面向打API控制 * ... Operator 面向 * **OpenFlagr (Open source)** * https://github.com/openflagr/flagr * Architecture * Friendly Interface * Data pipeline kafaka * Apply to ? * Dynamic Configuration * MockAPI 第三方壞掉情況 * https://mockoon.com/ * **Key :** * 反覆驗證 * 指標看有沒做得好快速部署 * 做好 -> 部署 * LeadTime For Change * LTC * DF - Deployment Frequency * CFR change Failure Rate * MTTR - Mean time to Restore Service ::: ## On-premise Workload 遷移 Kubernetes 心路歷程 -- KKCOMPANY :::info - on-premise workload 遷移上雲 - 地端雲端連線 - VPN vs Direct Connect - VPN 成本 - Direct Connect 穩， Latency 沒降 - **CNI** Network : High performance - Public : Load Balancer - Private : node - K8s ingress - **Traefik** not nginx - https://traefik.io/ - 【Traefik教學】比Nginx更方便的反向代理工具Traefik - https://www.hellosanta.com.tw/knowledge/category-38/post-28 - ingress svc Pod Pod (一起聽) 需導到同個 Pod - Traefik Middleware - IPWhiteList - RateLimit - Headers .... - ExternalDNS - CircuitBreaker - Container Secret Ixx Driver https://secrets-store-csi-driver.sigs.k8s.io/ - 運算資源 money UP - 省錢 By AutoScaling - Event sources and scalers ::: ## 深入淺出 Kubernetes - smalltown https://www.slideshare.net/smalltown20110306/kubernetes-summit-2023-head-first-kubernetes?fbclid=IwAR0HVcGzfe-OFdxojunhrxiRHe9JhiPPGKpNspZnF_byYxyaQZ_ZFzTFUF8 :::warning Docker 是一間公司包裝 Container 一個 Pod 多個 Container Deployment Replicaset V1 V2 V3 (rolling update ) Services and Ingress Ingress 連向哪個 Service Service # 1 > Pod Service # 2 > Pod Config map 不同的環境不同的設定比如說 log level K8s Secret Base64 沒在保護的啦 decode 就是明文啦沒有加密 encrypt --› K8s Vault 農場主人 & 農作物 k8s & container StatefulSets 儲存 Pod volumn PVC 為了達到 StatefulSets 記憶性 DeamonSets 監控節點？ * Label & Selector Limit 最多只能這樣啦 Request 跟 k8s 至少要多少 Pod 需要找資源足的 node 保證 r === l （第三砍） Request < Limit （第二砍）沒有設定（先被砍） liveness probe 正常運行與否砍掉重砲 Readiness probe 跑起來可被外部請求 Startup probe (後來的）起始檢查 --- k8s in action (last) Scalability Horizontal Pod Autoscalor HPA CPU memory 到多少橫向長 Pod 變多往上長 CPU memory 提升 -- 收集 Fluent bit collector -- Monitor -- Common issue Container image 沒有抓到證照最短時間涵蓋全部面向 - 全面性 https://www.youtube.com/watch?v=3mbAlYaoknU&ab_channel=iPARTY%E6%84%9B%E6%B4%BE%E5%B0%8D :::