Rachel's Yard | A New Continuation
secret tokens for ALL namespaces, and recreate services/pods. Your applications in each pod can access the API with a serviceaccount credential, and it is only generated once. Therefore, if you change the TLS certs, the old secrets will be invalid.
--apiserver-count=<count> flag in your kube-apiserver. Otherwise, apiserver will fight to get control of the service endpoints.
Billions of $$$ are awesome, but how do you invest? (joke)
Docker is awesome (late to the party again), but how to manage?
TL;DR Kubernetes is a management tool (sort of) for containers.
I will just skip the introduction, since there are many articles out there already.
The best way of running Kubernetes is to deploy it on CoreOS, period.
See, all other OSs are too heavyweight. CoreOS (other than SmartOS) is highly specialized to run containers, so there's that. Plus, the folks at Quay.io are kind enough to have a kubelet image ready. Kubelet is a binary that contains all the components that you will need to run Kubernetes (Golang is awesome), and the Quay/CoreOS team runs it in a rkt container, which makes updates/upgrades easy.
Of course, all components are stateless. Persistent state is stored in an etcd cluster (that seems to be the trend).
An obligatory graph of architecture:
Here are my cloud-config files for my deployment on OpenNebula: https://coreos-opennebula.s3.fmt01.sdapi.net/cloud-config/
Currently only a project written for an econ professor, but I will containerize more of my projects.
The nginx controller on kubernetes/contrib kind of blows. So I (sort of) compiled the newest nginx and CHACHA20 ciphers:
You will need to recompile the controller with this tag.