The ABCs of security in Kubernetes: authentication, authorization, auditing

Sooner or later, in the operation of any system, the question of security arises: ensuring authentication, separation of privileges, auditing and other tasks. Many solutions have already been created for Kubernetes that let you achieve compliance with standards even in very demanding environments... This material, in turn, covers the basic security aspects implemented within the built-in mechanisms of K8s. First of all, it will be useful to those who are just getting to know Kubernetes, as a starting point for studying security-related questions.

Authentication

There are two types of users in Kubernetes:

  • Service Accounts - accounts managed by the Kubernetes API;
  • Users - "normal" users managed by external, independent services.

The main difference between these types is that for Service Accounts there are special objects in the Kubernetes API (they are called exactly that, ServiceAccounts), which are bound to a namespace and to a set of authorization data stored in the cluster in objects of type Secret. Such users (Service Accounts) are intended primarily for managing the access rights to the Kubernetes API of processes running in the Kubernetes cluster.

Ordinary Users have no entries in the Kubernetes API: they must be managed by external mechanisms. They are intended for people or processes that live outside the cluster.

Every API request is tied either to a Service Account or to a User, or is treated as anonymous.

User authentication data includes:

  • Username - the user name (case-sensitive!);
  • UID - a machine-readable user identification string that is "more consistent and unique than the username";
  • Groups - the list of groups the user belongs to;
  • Extra - additional fields that can be used by the authorization mechanism.

Kubernetes can use a large number of authentication mechanisms: X509 certificates, Bearer tokens, an authenticating proxy, HTTP Basic Auth. Using these mechanisms, you can implement a large number of authorization schemes: from a static file with passwords to OpenID OAuth2.

Moreover, several authorization schemes can be used at the same time. By default, the cluster uses:

  • service account tokens - for Service Accounts;
  • X509 - for Users.

The question of managing ServiceAccounts is beyond the scope of this article, but for those who want to study it in more detail, I recommend starting with the official documentation pages. We will look more closely at how X509 certificates work.

Certificates for users (X.509)

The classic way of working with certificates involves:

  • key generation:
    mkdir -p ~/.certs/
    openssl genrsa -out ~/.certs/mynewuser.key 2048
  • generating a certificate request:
    openssl req -new -key ~/.certs/mynewuser.key -out ~/.certs/mynewuser.csr -subj "/CN=mynewuser/O=company"
  • processing the certificate request with the Kubernetes cluster CA keys and obtaining the user certificate (to obtain the certificate, you must use an account that has access to the Kubernetes cluster CA key, which by default is located at /etc/kubernetes/pki/ca.key):
    openssl x509 -req -in ~/.certs/mynewuser.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out ~/.certs/mynewuser.crt -days 500
  • creating the configuration file:
    • cluster description (specify the address and the location of the CA certificate file for the particular cluster installation):
      kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.crt --server=https://192.168.100.200:6443
    • or, as the NOT recommended option, you can omit the root certificate (then kubectl will not verify the authenticity of the cluster's api-server):
      kubectl config set-cluster kubernetes --insecure-skip-tls-verify=true --server=https://192.168.100.200:6443
    • adding the user to the configuration file:
      kubectl config set-credentials mynewuser --client-certificate=.certs/mynewuser.crt --client-key=.certs/mynewuser.key
    • adding the context:
      kubectl config set-context mynewuser-context --cluster=kubernetes --namespace=target-namespace --user=mynewuser
    • setting the default context:
      kubectl config use-context mynewuser-context

After the steps above, a config like this will be created in the .kube/config file:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://192.168.100.200:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: target-namespace
    user: mynewuser
  name: mynewuser-context
current-context: mynewuser-context
kind: Config
preferences: {}
users:
- name: mynewuser
  user:
    client-certificate: /home/mynewuser/.certs/mynewuser.crt
    client-key: /home/mynewuser/.certs/mynewuser.key

To make it easier to move the config between accounts and servers, it is useful to edit the values of the following keys:

  • certificate-authority
  • client-certificate
  • client-key

To do this, you can encode the files they point to with base64 and write the result into the config, adding the suffix -data to the key names, i.e. obtaining certificate-authority-data and so on.
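
The embedding step just described, as an added example that is not part of the original article: it rewrites the three path keys of a kubectl-style config into their -data forms and saves the result with mode 0600, since the file then contains the client private key. The function names and the stand-in file contents are constructed for illustration.

```python
import base64
import os
import re
import tempfile

# Keys that kubectl writes as file paths; each has an inline "<key>-data" form.
PATH_KEYS = ("certificate-authority", "client-certificate", "client-key")
_LINE = re.compile(r"^(\s*)(%s):\s*(\S.*?)\s*$" % "|".join(PATH_KEYS))


def embed_credentials(kubeconfig_text, base_dir="."):
    """Replace path keys with base64 "-data" keys (block-style YAML, one key
    per line, as kubectl writes it); relative paths resolve against base_dir."""
    out = []
    for line in kubeconfig_text.splitlines():
        m = _LINE.match(line)
        if not m:
            out.append(line)
            continue
        indent, key, path = m.groups()
        with open(os.path.join(base_dir, path.strip("'\"")), "rb") as fh:
            data = base64.b64encode(fh.read()).decode("ascii")
        out.append(f"{indent}{key}-data: {data}")
    return "\n".join(out) + "\n"


def write_private(path, text):
    """Write with mode 0600: the file now carries the client private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.chmod(path, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


def demo():
    """Run on constructed stand-ins for ca.crt, mynewuser.crt, mynewuser.key."""
    files = {"ca.crt": b"CA PEM", "mynewuser.crt": b"CERT PEM",
             "mynewuser.key": b"KEY PEM"}
    cfg = (
        "clusters:\n- cluster:\n    certificate-authority: ca.crt\n"
        "    server: https://192.168.100.200:6443\n  name: kubernetes\n"
        "users:\n- name: mynewuser\n  user:\n"
        "    client-certificate: mynewuser.crt\n"
        "    client-key: mynewuser.key\n"
    )
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        result = embed_credentials(cfg, base_dir=d)
        target = os.path.join(d, "config")
        write_private(target, result)
        return result, os.stat(target).st_mode & 0o777


if __name__ == "__main__":
    print(demo()[0])
```

kubectl can produce the same inline form itself when --embed-certs=true is passed to kubectl config set-cluster and kubectl config set-credentials.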

Certificates with kubeadm

With the release of Kubernetes 1.15, working with certificates has become much easier thanks to the alpha version of its support in the kubeadm utility. For example, this is what generating a configuration file with user keys may now look like:

kubeadm alpha kubeconfig user --client-name=mynewuser --apiserver-advertise-address 192.168.100.200

NB: The required advertise address can be found in the api-server config, which by default is located at /etc/kubernetes/manifests/kube-apiserver.yaml.

The resulting config is printed to stdout. It should be saved to ~/.kube/config of the user's account or to the file specified in the KUBECONFIG environment variable.

Dig deeper

For those who want to understand the topics described in more detail:

Authorization

By default, an authenticated account has no rights to perform actions in the cluster. To grant permissions, Kubernetes implements an authorization mechanism.

Before version 1.6, Kubernetes used an authorization type called ABAC (Attribute-based access control). Details about it can be found in the official documentation. This approach is now considered legacy, but you can still use it together with other authorization types.

The current (and more flexible) way of dividing access rights to the cluster is called RBAC (Role-based access control). It has been declared stable since Kubernetes 1.8. RBAC implements a permission model in which everything that is not explicitly allowed is forbidden.
To enable RBAC, you need to start the Kubernetes api-server with the parameter --authorization-mode=RBAC. Parameters are set in the manifest with the api-server configuration, which by default is located at /etc/kubernetes/manifests/kube-apiserver.yaml, in the command section. However, RBAC is already enabled by default, so most likely you do not need to worry about it: you can verify this by the value of authorization-mode (in the already mentioned kube-apiserver.yaml). By the way, its values may include other authorization types (node, webhook, always allow), but we will leave them outside the scope of this material.

By the way, we have already published an article with a fairly detailed description of the principles and features of working with RBAC, so below I will limit myself to a brief list of the basics and examples.

The following API entities are used to manage access in Kubernetes via RBAC:

  • Role and ClusterRole - roles that describe access rights:
    • Role lets you describe rights within a namespace;
    • ClusterRole - within the cluster, including cluster-specific objects such as nodes and non-resource URLs (i.e. not tied to Kubernetes resources - for example, /version, /logs, /api*);
  • RoleBinding and ClusterRoleBinding - used to bind a Role or ClusterRole to a user, a group of users or a ServiceAccount.

The Role and RoleBinding entities are namespace-scoped, i.e. they must be in the same namespace. However, a RoleBinding can refer to a ClusterRole, which lets you create a set of generic permissions and control access with them.

Roles describe rights using sets of rules that contain:

  • API groups - see the official documentation on apiGroups and the output of kubectl api-resources;
  • resources (resources: pod, namespace, deployment, etc.);
  • verbs (verbs: set, update, etc.);
  • resource names (resourceNames) - for cases when you need to grant access to one specific resource rather than to all resources of this type.

A more detailed breakdown of authorization in Kubernetes can be found on the official documentation page. Instead (or rather, in addition to it), I will give examples that illustrate how it works.

Examples of RBAC entities

A simple Role that allows getting the list and status of pods and watching them in the target-namespace namespace:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: target-namespace
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

Example: a ClusterRole that allows getting the list and status of secrets and watching them across the whole cluster:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # there is no "namespace" section, because a ClusterRole applies to the whole cluster
  name: secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]

Example: a RoleBinding that allows the user mynewuser to "read" pods in the target-namespace namespace:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: target-namespace
subjects:
- kind: User
  name: mynewuser # the user name is case-sensitive!
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role # this must be "Role" or "ClusterRole"
  name: pod-reader # the name of a Role in the same namespace,
                   # or the name of a ClusterRole that we want
                   # to allow the user to use
  apiGroup: rbac.authorization.k8s.io
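
How the three objects above combine into an allow or deny decision, as an added example that is not part of the original article or of Kubernetes itself: a simplified model that evaluates RoleBindings for users only. The dev namespace and its binding to secret-reader are constructed to show a RoleBinding that refers to a ClusterRole.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    api_groups: list
    resources: list
    verbs: list
    resource_names: list = field(default_factory=list)  # empty = any name

    def allows(self, group, resource, verb, name=""):
        def hit(allowed, value):
            return "*" in allowed or value in allowed
        return (hit(self.api_groups, group) and hit(self.resources, resource)
                and hit(self.verbs, verb)
                and (not self.resource_names or name in self.resource_names))


# The page's Role and ClusterRole, transcribed by hand (None = cluster-wide).
ROLES = {
    ("Role", "target-namespace", "pod-reader"):
        [Rule([""], ["pods"], ["get", "watch", "list"])],
    ("ClusterRole", None, "secret-reader"):
        [Rule([""], ["secrets"], ["get", "watch", "list"])],
}
ROLE_BINDINGS = [
    # RoleBinding read-pods from the page; "mynewuser" is the certificate CN.
    {"namespace": "target-namespace", "users": ["mynewuser"],
     "role_ref": ("Role", "pod-reader")},
    # Constructed: a RoleBinding in "dev" that refers to the ClusterRole.
    {"namespace": "dev", "users": ["mynewuser"],
     "role_ref": ("ClusterRole", "secret-reader")},
]


def can_i(user, verb, resource, namespace, group="", name=""):
    """Allow only if a binding grants the request; everything else is denied."""
    for b in ROLE_BINDINGS:
        # A RoleBinding applies only inside its own namespace, and the
        # user name is compared exactly (case-sensitive).
        if b["namespace"] != namespace or user not in b["users"]:
            continue
        kind, role_name = b["role_ref"]
        role_ns = b["namespace"] if kind == "Role" else None
        rules = ROLES.get((kind, role_ns, role_name), [])
        if any(r.allows(group, resource, verb, name) for r in rules):
            return True
    return False  # no allow rule matched; RBAC has no explicit deny


CHECKS = [("mynewuser", "list", "pods", "target-namespace"),
          ("mynewuser", "delete", "pods", "target-namespace"),
          ("MyNewUser", "list", "pods", "target-namespace"),
          ("mynewuser", "list", "secrets", "dev"),
          ("mynewuser", "list", "secrets", "target-namespace")]

if __name__ == "__main__":
    for check in CHECKS:
        print(check, "->", "allow" if can_i(*check) else "deny")
```

On a live cluster the same questions can be asked with kubectl auth can-i, for example kubectl auth can-i list pods --namespace target-namespace --as mynewuser.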

Event auditing

Schematically, the Kubernetes architecture can be represented as follows:

[Figure: Kubernetes architecture diagram]

The key Kubernetes component responsible for processing requests is the api-server. All operations on the cluster go through it. You can read more about these internal mechanisms in the article "What happens in Kubernetes when you run kubectl?".

System auditing is an interesting feature of Kubernetes that is disabled by default. It lets you log all calls to the Kubernetes API. As you might guess, all actions related to monitoring and changing the state of the cluster are performed through this API. A good description of its capabilities can (as usual) be found in the official K8s documentation. Below, I will try to present the topic in simpler language.

So, to enable auditing, we need to pass three required parameters to the api-server container; they are described in more detail below:

  • --audit-policy-file=/etc/kubernetes/policies/audit-policy.yaml
  • --audit-log-path=/var/log/kube-audit/audit.log
  • --audit-log-format=json

In addition to these three required parameters, there are many additional settings related to auditing: from log rotation to webhook descriptions. An example of log rotation parameters:

  • --audit-log-maxbackup=10
  • --audit-log-maxsize=100
  • --audit-log-maxage=7

But we will not dwell on them in more detail - you can find all the details in the kube-apiserver documentation.

As already mentioned, all parameters are set in the manifest with the api-server configuration (by default /etc/kubernetes/manifests/kube-apiserver.yaml), in the command section. Let's return to the three required parameters and look at each of them:

  1. audit-policy-file - the path to the YAML file that describes the audit policy. We will return to its contents later, but for now I will note that the file must be readable by the api-server process. It therefore has to be mounted inside the container, for which you can add the following code to the appropriate sections of the config:
      volumeMounts:
        - mountPath: /etc/kubernetes/policies
          name: policies
          readOnly: true
      volumes:
      - hostPath:
          path: /etc/kubernetes/policies
          type: DirectoryOrCreate
        name: policies
  2. audit-log-path - the path to the log file. The path must also be accessible to the api-server process, so we describe its mount in the same way:
      volumeMounts:
        - mountPath: /var/log/kube-audit
          name: logs
          readOnly: false
      volumes:
      - hostPath:
          path: /var/log/kube-audit
          type: DirectoryOrCreate
        name: logs
  3. audit-log-format - the audit log format. The default is json, but the legacy text format (legacy) is also available.

Audit policy

Now about the file mentioned above that describes the logging policy. The first concept of an audit policy is level, the logging level. The levels are as follows:

  • None - do not log;
  • Metadata - log request metadata: user, request time, target resource (pod, namespace, etc.), action type (verb), etc.;
  • Request - log the metadata and the request body;
  • RequestResponse - log the metadata, the request body and the response body.

The last two levels (Request and RequestResponse) do not log requests that did not access resources (calls to so-called non-resource URLs).

In addition, all requests pass through several stages:

  • RequestReceived - the stage when the request has been received by the handler and has not yet been passed further along the chain of handlers;
  • ResponseStarted - the response headers have been sent, but the response body has not yet been sent. Generated for long-running requests (for example, watch);
  • ResponseComplete - the response body has been sent, no more information will be sent;
  • Panic - events generated when an abnormal situation is detected.

To skip any of the stages you can use omitStages.

In the policy file, we can describe several sections with different logging levels. The first matching rule found in the policy description is the one that is applied.

The kubelet daemon watches for changes to the manifest with the api-server configuration and, if it detects any, restarts the container with the api-server. But there is an important detail: it ignores changes to the policy file. After making changes to the policy file, you will need to restart the api-server manually. Since the api-server is started as a static pod, the kubectl delete command will not restart it. You will have to run docker stop manually on the kube-masters where the audit policy has been changed:

docker stop $(docker ps | grep k8s_kube-apiserver | awk '{print $1}')

When enabling auditing, it is important to remember that the load on kube-apiserver increases. In particular, memory consumption for storing request context grows. Logging starts only after the response header has been sent. The load also depends on the audit policy configuration.
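
With --audit-log-format=json the log holds one JSON event per line, one per stage of each request. The following added example (not from the original article) scans such lines for denied requests and for access to secrets by non-system users; the sample events and the user ci-deployer are constructed, and the system: prefix filter is an assumption to adapt to your cluster.

```python
import json


def _event(stage, user, verb, resource, namespace, code=None, decision=None):
    """Build one constructed audit event (Metadata level) as a JSON line."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
          "stage": stage, "verb": verb, "user": {"username": user},
          "objectRef": {"resource": resource, "namespace": namespace}}
    if code is not None:
        ev["responseStatus"] = {"code": code}
    if decision:
        ev["annotations"] = {"authorization.k8s.io/decision": decision}
    return json.dumps(ev)


# Constructed sample of audit.log; the last line is cut off mid-write.
SAMPLE_LOG = "\n".join([
    _event("RequestReceived", "mynewuser", "list", "pods", "target-namespace"),
    _event("ResponseComplete", "mynewuser", "list", "pods", "target-namespace",
           200, "allow"),
    _event("ResponseComplete", "mynewuser", "list", "secrets", "kube-system",
           403, "forbid"),
    _event("ResponseComplete", "ci-deployer", "get", "secrets", "target-namespace",
           200, "allow"),
    _event("ResponseComplete", "system:kube-scheduler", "get", "secrets",
           "kube-system", 200, "allow"),
    '{"kind":"Event","stage":"ResponseCompl',
])


def findings(log_text):
    """Return (line number, finding, user, target) tuples worth a look."""
    out = []
    for number, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            out.append((number, "unparseable", "", ""))
            continue
        if ev.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        user = ev.get("user", {}).get("username", "")
        ref = ev.get("objectRef") or {}
        target = f'{ev.get("verb")} {ref.get("namespace", "")}/{ref.get("resource", "")}'
        decision = ev.get("annotations", {}).get("authorization.k8s.io/decision")
        code = (ev.get("responseStatus") or {}).get("code")
        if decision == "forbid" or code == 403:
            out.append((number, "forbidden", user, target))
        elif ref.get("resource") == "secrets" and not user.startswith("system:"):
            out.append((number, "secret-access", user, target))
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```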

Policy examples

Let's look at the structure of policy files using examples.

Here is a simple policy file that logs everything at the Metadata level:

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata

In a policy you can specify a list of users (Users and ServiceAccounts) and user groups. For example, this is how we would ignore system users but log everything else at the Request level:

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  - level: None
    userGroups:
      - "system:serviceaccounts"
      - "system:nodes"
    users:
      - "system:anonymous"
      - "system:apiserver"
      - "system:kube-controller-manager"
      - "system:kube-scheduler"
  - level: Request

It is also possible to describe targets:

  • namespaces;
  • verbs (verbs: get, update, delete and others);
  • resources (resources, namely: pod, configmaps, etc.) and resource groups (apiGroups).

Note! The resources and resource groups (API groups, i.e. apiGroups), as well as their versions installed in the cluster, can be obtained with the following commands:

kubectl api-resources
kubectl api-versions

The following audit policy is given as a demonstration of best practices in the Alibaba Cloud documentation:

apiVersion: audit.k8s.io/v1beta1
kind: Policy
# Do not log the RequestReceived stage
omitStages:
  - "RequestReceived"
rules:
  # Do not log events that are considered insignificant and not dangerous:
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
    resources:
      - group: "" # the API group with an empty name, which contains
                  # the basic Kubernetes resources, known as "core"
        resources: ["endpoints", "services"]
  - level: None
    users: ["system:unsecured"]
    namespaces: ["kube-system"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["configmaps"]
  - level: None
    users: ["kubelet"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["nodes"]
  - level: None
    userGroups: ["system:nodes"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["nodes"]
  - level: None
    users:
      - system:kube-controller-manager
      - system:kube-scheduler
      - system:serviceaccount:kube-system:endpoint-controller
    verbs: ["get", "update"]
    namespaces: ["kube-system"]
    resources:
      - group: "" # core
        resources: ["endpoints"]
  - level: None
    users: ["system:apiserver"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["namespaces"]
  # Do not log calls to read-only URLs:
  - level: None
    nonResourceURLs:
      - /healthz*
      - /version
      - /swagger*
  # Do not log messages that belong to the "events" resource type:
  - level: None
    resources:
      - group: "" # core
        resources: ["events"]
  # Resources of type Secret, ConfigMap and TokenReview can contain sensitive data,
  # so log only the metadata of requests related to them
  - level: Metadata
    resources:
      - group: "" # core
        resources: ["secrets", "configmaps"]
      - group: authentication.k8s.io
        resources: ["tokenreviews"]
  # get, list and watch actions can be resource-intensive; log only the request, not the response
  - level: Request
    verbs: ["get", "list", "watch"]
    resources:
      - group: "" # core
      - group: "admissionregistration.k8s.io"
      - group: "apps"
      - group: "authentication.k8s.io"
      - group: "authorization.k8s.io"
      - group: "autoscaling"
      - group: "batch"
      - group: "certificates.k8s.io"
      - group: "extensions"
      - group: "networking.k8s.io"
      - group: "policy"
      - group: "rbac.authorization.k8s.io"
      - group: "settings.k8s.io"
      - group: "storage.k8s.io"
  # Default logging level for the standard API resources
  - level: RequestResponse
    resources:
      - group: "" # core
      - group: "admissionregistration.k8s.io"
      - group: "apps"
      - group: "authentication.k8s.io"
      - group: "authorization.k8s.io"
      - group: "autoscaling"
      - group: "batch"
      - group: "certificates.k8s.io"
      - group: "extensions"
      - group: "networking.k8s.io"
      - group: "policy"
      - group: "rbac.authorization.k8s.io"
      - group: "settings.k8s.io"
      - group: "storage.k8s.io"
  # Default logging level for all other requests
  - level: Metadata
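
Why the order of rules in this policy matters, as an added example that is not part of the original article or of the api-server: a simplified model of first-match evaluation over a hand-transcribed subset of the rules above. The sample requests and the MISORDERED variant are constructed.

```python
# Subset of the policy above, transcribed by hand as Python data.
POLICY = [
    {"level": "None", "users": ["system:kube-proxy"], "verbs": ["watch"],
     "resources": [{"group": "", "resources": ["endpoints", "services"]}]},
    {"level": "None", "nonResourceURLs": ["/healthz*", "/version", "/swagger*"]},
    {"level": "Metadata",
     "resources": [{"group": "", "resources": ["secrets", "configmaps"]}]},
    {"level": "Request", "verbs": ["get", "list", "watch"],
     "resources": [{"group": ""}, {"group": "apps"}]},
    {"level": "RequestResponse", "resources": [{"group": ""}, {"group": "apps"}]},
    {"level": "Metadata"},
]


def _url_matches(patterns, path):
    return any(path.startswith(p[:-1]) if p.endswith("*") else path == p
               for p in patterns)


def rule_matches(rule, req):
    """Every selector present in the rule must match; absent ones match all."""
    if rule.get("users") and req["user"] not in rule["users"]:
        return False
    groups = set(req.get("groups", []))
    if rule.get("userGroups") and not groups & set(rule["userGroups"]):
        return False
    if rule.get("verbs") and req["verb"] not in rule["verbs"]:
        return False
    is_resource = "resource" in req  # otherwise a non-resource URL request
    if rule.get("namespaces") or rule.get("resources"):
        if not is_resource:
            return False
        if rule.get("namespaces") and req.get("namespace") not in rule["namespaces"]:
            return False
        specs = rule.get("resources", [])
        return not specs or any(
            s["group"] == req.get("group", "")
            and (not s.get("resources") or req["resource"] in s["resources"])
            for s in specs)
    if rule.get("nonResourceURLs"):
        return not is_resource and _url_matches(rule["nonResourceURLs"], req["path"])
    return True


def audit_level(req, policy=POLICY):
    for index, rule in enumerate(policy):
        if rule_matches(rule, req):
            return rule["level"], index  # first match wins, the rest are ignored
    return "None", None  # in this model an unmatched request is not logged


# Constructed requests, and the same rules with the secrets rule moved down.
READ_POD = {"user": "mynewuser", "verb": "get", "resource": "pods"}
NEW_SECRET = dict(READ_POD, verb="create", resource="secrets")
HEALTH = {"user": "kubelet", "verb": "get", "path": "/healthz"}
MISORDERED = POLICY[:2] + POLICY[3:5] + [POLICY[2], POLICY[5]]

if __name__ == "__main__":
    print(audit_level(NEW_SECRET), audit_level(NEW_SECRET, MISORDERED))
```

With the original order, creating a secret is logged at Metadata; with the secrets rule moved below the broad rules, the same request matches RequestResponse first and the secret's contents would end up in the audit log.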

Another good example of an audit policy is the profile used in GCE.

To respond quickly to audit events, it is possible to describe a webhook. This topic is covered in the official documentation; I will leave it outside the scope of this article.

Summary

This article gives an overview of the basic security mechanisms in Kubernetes clusters, which let you create personalized user accounts, separate their rights, and log their actions. I hope it will be useful to those who face such questions in theory or in practice. I also recommend reading the list of other materials on security in Kubernetes given in the "PS" - perhaps among them you will find the details you need on the problems that matter to you.

PS

Read also in our blog:

Source: www.habr.com
