The ABC of Kubernetes Security: Authentication, Authorization, Auditing

Sooner or later, the question of security comes up in the operation of any system: authentication, separation of privileges, auditing and other tasks. Many solutions have already been built for Kubernetes that let you meet compliance requirements even in very demanding environments... This material is devoted to the basic security mechanisms implemented in the built-in facilities of K8s. First and foremost it will be useful to those who are just getting acquainted with Kubernetes, as a starting point for studying security-related topics.

Authentication

There are two types of users in Kubernetes:

  • Service Accounts - accounts managed by the Kubernetes API;
  • Users - "normal users" managed by external, independent services.

The main difference between these types is that Service Accounts have dedicated objects in the Kubernetes API (they are called just that: ServiceAccounts), which are bound to a namespace and to a set of authorization data stored in the cluster in objects of type Secret. Such users (Service Accounts) are intended for managing access to the Kubernetes API for processes running inside the Kubernetes cluster.

Normal Users have no entries in the Kubernetes API: they must be managed by external mechanisms. They are intended for people or processes living outside the cluster.

Every API request is associated either with a Service Account, with a User, or is considered anonymous.

A user's authentication data includes:

  • Username - the user name (case-sensitive!);
  • UID - a machine-readable user identification string that is "more consistent and unique than the username";
  • Groups - the list of groups the user belongs to;
  • Extra - additional fields that can be used by the authorization mechanism.

Kubernetes supports a large number of authentication mechanisms: X509 certificates, Bearer tokens, an authenticating proxy, HTTP Basic Auth. Using these mechanisms you can implement many authentication schemes: from a static file with passwords to OpenID OAuth2.

Moreover, several authentication schemes can be used at the same time. Typically a cluster uses:

  • service account tokens - for Service Accounts;
  • X509 - for Users.

Managing ServiceAccounts is beyond the scope of this article; those who want to get to know this topic in more detail should start with the official documentation pages. Here we will look more closely at how X509 certificates work.

User certificates (X.509)

The classic way of working with certificates includes:

  • generating a key:
    mkdir -p ~/.certs/
    openssl genrsa -out ~/.certs/mynewuser.key 2048
  • generating a certificate signing request (Kubernetes takes the user name from the CN field and the user's group from the O field):
    openssl req -new -key ~/.certs/mynewuser.key -out ~/.certs/mynewuser.csr -subj "/CN=mynewuser/O=company"
  • signing the request with the Kubernetes cluster's CA key to obtain the user certificate (this step must be performed from an account with access to the Kubernetes CA key, which by default is located at /etc/kubernetes/pki/ca.key):
    openssl x509 -req -in ~/.certs/mynewuser.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out ~/.certs/mynewuser.crt -days 500
  • creating the configuration file:
    • cluster description (specify the address and the location of the CA certificate file for the particular cluster instance):
      kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.crt --server=https://192.168.100.200:6443
    • or, as a not recommended option, without the root certificate (in that case kubectl will not verify the authenticity of the cluster's api-server):
      kubectl config set-cluster kubernetes --insecure-skip-tls-verify=true --server=https://192.168.100.200:6443
    • adding the user to the configuration file:
      kubectl config set-credentials mynewuser --client-certificate=.certs/mynewuser.crt --client-key=.certs/mynewuser.key
    • adding a context:
      kubectl config set-context mynewuser-context --cluster=kubernetes --namespace=target-namespace --user=mynewuser
    • setting the default context:
      kubectl config use-context mynewuser-context

After the manipulations above, a config like this will appear in the .kube/config file:

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://192.168.100.200:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: target-namespace
    user: mynewuser
  name: mynewuser-context
current-context: mynewuser-context
kind: Config
preferences: {}
users:
- name: mynewuser
  user:
    client-certificate: /home/mynewuser/.certs/mynewuser.crt
    client-key: /home/mynewuser/.certs/mynewuser.key

To make it easier to transfer the config between accounts and servers, it is useful to edit the values of the following keys:

  • certificate-authority
  • client-certificate
  • client-key

To do this, you can encode the files they point to with base64 and write the result into the config, adding the suffix -data to the key names, i.e. obtaining certificate-authority-data and so on.
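One way to do that conversion programmatically, as an added example (not code from the article or from kubectl): the function below rewrites the three file-path keys into their -data equivalents. It works on the raw text of the kubeconfig, so it needs no YAML library; it resolves relative paths against the kubeconfig's directory the way kubectl does, and leaves a line untouched when the referenced file cannot be read, so a missing key or certificate is noticed rather than silently dropped. The certificate files and the temporary directory it writes to are constructed for the demo.

```python
"""Embed the files a kubeconfig points to as inline base64 "-data" values.

Added example for this article, not code from the article or from kubectl.
It processes the kubeconfig as text, one line at a time (no YAML library
needed) and assumes the "key: /path" layout that kubectl config writes.
"""
import base64
import os
import tempfile

# The file-path keys that have an inline "<key>-data" counterpart.
FILE_KEYS = ("certificate-authority", "client-certificate", "client-key")


def embed_kubeconfig_data(text: str, base_dir: str = "") -> str:
    """Return the kubeconfig text with file paths replaced by -data values.

    Relative paths are resolved against base_dir (kubectl resolves them
    relative to the directory holding the kubeconfig). A line whose file
    cannot be read is returned unchanged, so the caller sees the problem
    instead of getting a config that silently lacks a credential.
    """
    out = []
    for line in text.splitlines():
        stripped = line.lstrip()
        indent = line[: len(line) - len(stripped)]
        key, sep, value = stripped.partition(":")
        # "certificate-authority-data" is not in FILE_KEYS, so keys that
        # are already embedded pass through untouched.
        if sep and key in FILE_KEYS:
            path = os.path.expanduser(value.strip())
            if not os.path.isabs(path):
                path = os.path.join(base_dir, path)
            try:
                with open(path, "rb") as fh:
                    data = base64.b64encode(fh.read()).decode("ascii")
            except OSError:
                out.append(line)          # file missing: keep the original line
                continue
            out.append(f"{indent}{key}-data: {data}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


def build_sample_kubeconfig():
    """Create constructed (not real) CA and client-cert files in a temp dir
    and return (kubeconfig_text, base_dir) for the demo. The client key is
    deliberately not written, to exercise the "file missing" path."""
    base_dir = tempfile.mkdtemp(prefix="kubeconfig-demo-")
    os.mkdir(os.path.join(base_dir, ".certs"))
    with open(os.path.join(base_dir, "ca.crt"), "wb") as fh:
        fh.write(b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n")
    with open(os.path.join(base_dir, ".certs", "mynewuser.crt"), "wb") as fh:
        fh.write(b"constructed-client-cert")
    text = (
        "apiVersion: v1\n"
        "clusters:\n"
        "- cluster:\n"
        f"    certificate-authority: {os.path.join(base_dir, 'ca.crt')}\n"
        "    server: https://192.168.100.200:6443\n"
        "  name: kubernetes\n"
        "users:\n"
        "- name: mynewuser\n"
        "  user:\n"
        "    client-certificate: .certs/mynewuser.crt\n"
        "    client-key: .certs/mynewuser.key\n"
    )
    return text, base_dir


if __name__ == "__main__":
    sample, where = build_sample_kubeconfig()
    print(embed_kubeconfig_data(sample, where))
```

kubectl offers the same transformation built in with kubectl config view --flatten; the script is here to show exactly which keys change and what ends up in them. Note that after embedding, the config carries the private key inline, so the file must be protected like the key file itself.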

Certificates with kubeadm

Since Kubernetes 1.15, working with certificates has become much easier thanks to the alpha version of its support in the kubeadm utility. For example, this is what generating a configuration file with user keys can look like now:

kubeadm alpha kubeconfig user --client-name=mynewuser --apiserver-advertise-address 192.168.100.200

NB: The required advertise address can be found in the api-server config, which by default is located at /etc/kubernetes/manifests/kube-apiserver.yaml.

The resulting config is written to stdout. It needs to be saved to the user account's ~/.kube/config or to the file specified in the KUBECONFIG environment variable.

Dig deeper

For those who want to understand the described points in more depth:

Authorization

By default, an authenticated account has no rights to operate in the cluster. To grant permissions, Kubernetes implements an authorization mechanism.

Before version 1.6, Kubernetes used an authorization type called ABAC (Attribute-based access control). Details about it can be found in the official documentation. This approach is currently considered legacy, but it can still be used together with other authentication types.

The current (and more flexible) way of dividing access rights to the cluster is called RBAC (Role-based access control). It has been declared stable since Kubernetes 1.8. RBAC implements a rights model in which everything that is not explicitly allowed is forbidden.

To enable RBAC, the Kubernetes api-server must be started with the parameter --authorization-mode=RBAC. The parameters are set in the manifest with the api-server configuration, which by default is located at /etc/kubernetes/manifests/kube-apiserver.yaml, in the command section. However, RBAC is already enabled by default, so most likely you do not need to worry about it: you can verify this from the value of authorization-mode (in the already mentioned kube-apiserver.yaml). By the way, its values can include other authorization types (node, webhook, always allow), but we will leave them outside the scope of this material.

We have already published an article with a fairly detailed description of the principles and features of working with RBAC, so here I will limit myself to a brief list of the basics and examples.

The following API entities are used to control access to Kubernetes via RBAC:

  • Role and ClusterRole - roles describing access rights:
    • Role allows describing rights within a namespace;
    • ClusterRole - within the whole cluster, including specific objects such as nodes and non-resource URLs (i.e. not related to Kubernetes resources, for example /version, /logs, /api*);
  • RoleBinding and ClusterRoleBinding - used to bind a Role or ClusterRole to a user, a group of users or a ServiceAccount.

The Role and RoleBinding entities are limited by namespace, i.e. they must be in the same namespace. However, a RoleBinding may refer to a ClusterRole, which allows creating a set of typical permissions and managing access with them.

Roles describe rights using sets of rules containing:

  • API groups - see the official documentation on apiGroups and the output of kubectl api-resources;
  • resources (resources: pod, namespace, deployment, etc.);
  • verbs (verbs: set, update, etc.);
  • resource names (resourceNames) - for the case when access must be granted to a specific resource rather than to all resources of that type.

A more detailed analysis of authorization in Kubernetes can be found on the official documentation page. Instead (or rather, in addition), I will give examples illustrating how it works.

Examples of RBAC entities

A simple Role that allows getting the list and status of pods and watching them in the target-namespace namespace:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: target-namespace
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

An example ClusterRole that allows getting the list and status of pods and watching them across the whole cluster:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # there is no "namespace" section, since a ClusterRole covers the whole cluster
  name: secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]

An example RoleBinding that allows the user mynewuser to "read" pods in the my-namespace namespace:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: target-namespace
subjects:
- kind: User
  name: mynewuser # the user name is case-sensitive!
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role # must be "Role" or "ClusterRole"
  name: pod-reader # the name of a Role located in the same namespace,
                   # or the name of a ClusterRole that we want to allow
                   # the user to use
  apiGroup: rbac.authorization.k8s.io
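To make the deny-by-default model and the namespace scoping concrete, here is an added example (not code from the article or from Kubernetes) that re-implements the RBAC decision in Python. The three objects from the YAML above are encoded as dicts; an extra RoleBinding for a constructed group "auditors" referencing the secret-reader ClusterRole is added to show how a RoleBinding confines a ClusterRole to its own namespace. The "*" wildcard handling and the system:serviceaccount:<namespace>:<name> user naming follow Kubernetes behaviour; everything else is a simplified model (no aggregation, subresources or nonResourceURLs).

```python
"""A small model of the Kubernetes RBAC authorization decision.

Added example for this article, not code from the article or Kubernetes.
It keeps the rules the text states: everything not explicitly allowed is
denied; Role and RoleBinding live in one namespace; a RoleBinding may
reference a ClusterRole but grants it only inside its own namespace;
a ClusterRoleBinding grants a ClusterRole cluster-wide.
"""
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    verb: str
    resource: str
    namespace: str = ""      # "" for cluster-scoped resources (nodes, ...)
    api_group: str = ""      # "" is the core API group
    groups: tuple = ()
    name: str = ""           # object name, checked against resourceNames


def _in(value: str, allowed: list) -> bool:
    """RBAC list matching: an exact entry or the "*" wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule: dict, req: Request) -> bool:
    """Does one PolicyRule cover this request?"""
    if not _in(req.api_group, rule.get("apiGroups", [])):
        return False
    if not _in(req.resource, rule.get("resources", [])):
        return False
    if not _in(req.verb, rule.get("verbs", [])):
        return False
    # resourceNames narrows the rule to named objects; list/watch carry no
    # single object name, so they never match such a rule.
    names = rule.get("resourceNames")
    return not names or req.name in names


def subject_matches(subject: dict, req: Request) -> bool:
    kind, name = subject["kind"], subject["name"]
    if kind == "User":
        return name == req.user          # case-sensitive, as the text notes
    if kind == "Group":
        return name in req.groups
    if kind == "ServiceAccount":         # authenticates as system:serviceaccount:<ns>:<name>
        return req.user == f"system:serviceaccount:{subject['namespace']}:{name}"
    return False


def is_allowed(req: Request, roles: dict, cluster_roles: dict,
               bindings: list, cluster_bindings: list) -> bool:
    """Deny by default: True only if some binding grants the request."""
    def rules_of(role_ref: dict, binding_ns: str) -> list:
        if role_ref["kind"] == "ClusterRole":
            return cluster_roles.get(role_ref["name"], {}).get("rules", [])
        # a Role is resolved only inside the binding's own namespace
        return roles.get((binding_ns, role_ref["name"]), {}).get("rules", [])

    for b in bindings:                   # RoleBindings: namespace-scoped
        ns = b["metadata"]["namespace"]
        if req.namespace == ns and any(subject_matches(s, req) for s in b["subjects"]) \
                and any(rule_allows(r, req) for r in rules_of(b["roleRef"], ns)):
            return True
    for b in cluster_bindings:           # ClusterRoleBindings: whole cluster
        if b["roleRef"]["kind"] == "ClusterRole" \
                and any(subject_matches(s, req) for s in b["subjects"]) \
                and any(rule_allows(r, req) for r in rules_of(b["roleRef"], "")):
            return True
    return False


# The article's objects, as dicts.
POD_READER = {"metadata": {"namespace": "target-namespace", "name": "pod-reader"},
              "rules": [{"apiGroups": [""], "resources": ["pods"],
                         "verbs": ["get", "watch", "list"]}]}
SECRET_READER = {"metadata": {"name": "secret-reader"},
                 "rules": [{"apiGroups": [""], "resources": ["secrets"],
                            "verbs": ["get", "watch", "list"]}]}
READ_PODS = {"metadata": {"name": "read-pods", "namespace": "target-namespace"},
             "subjects": [{"kind": "User", "name": "mynewuser"}],
             "roleRef": {"kind": "Role", "name": "pod-reader"}}
# Constructed for the demo (not in the article): the group "auditors" may use
# the secret-reader ClusterRole, but only inside target-namespace.
AUDITORS_SECRETS = {"metadata": {"name": "auditors-read-secrets", "namespace": "target-namespace"},
                    "subjects": [{"kind": "Group", "name": "auditors"}],
                    "roleRef": {"kind": "ClusterRole", "name": "secret-reader"}}

ROLES = {("target-namespace", "pod-reader"): POD_READER}
CLUSTER_ROLES = {"secret-reader": SECRET_READER}
BINDINGS = [READ_PODS, AUDITORS_SECRETS]
CLUSTER_BINDINGS: list = []


def check(user: str, verb: str, resource: str, namespace: str = "",
          groups: tuple = ()) -> bool:
    """Evaluate one request against the demo cluster state above."""
    return is_allowed(Request(user, verb, resource, namespace, groups=groups),
                      ROLES, CLUSTER_ROLES, BINDINGS, CLUSTER_BINDINGS)


if __name__ == "__main__":
    print("mynewuser list pods in target-namespace:", check("mynewuser", "list", "pods", "target-namespace"))
    print("mynewuser list pods in kube-system:     ", check("mynewuser", "list", "pods", "kube-system"))
```

The same questions can be put to a real cluster with kubectl auth can-i, which asks the api-server's own authorizer; the model above is useful for reasoning about why a binding does or does not apply.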

Auditing

Schematically, the Kubernetes architecture can be represented as follows:

[Figure: schematic diagram of the Kubernetes architecture]

The key component of Kubernetes responsible for handling requests is the api-server. All operations on the cluster go through it. You can read more about these internal mechanisms in the article "What happens in Kubernetes when you run kubectl run?".

System auditing is an interesting feature of Kubernetes that is disabled by default. It allows logging all calls to the Kubernetes API. As you might guess, all actions related to monitoring and changing the cluster state are performed through this API. A good description of its capabilities can (as usual) be found in the official K8s documentation. Below I will try to present the topic in simpler language.

So, to enable auditing, we need to pass three required parameters to the api-server container, described in more detail below:

  • --audit-policy-file=/etc/kubernetes/policies/audit-policy.yaml
  • --audit-log-path=/var/log/kube-audit/audit.log
  • --audit-log-format=json

Besides these three required parameters, there are many additional settings related to auditing: from log rotation to webhook descriptions. Example log rotation parameters:

  • --audit-log-maxbackup=10
  • --audit-log-maxsize=100
  • --audit-log-maxage=7

But we won't dwell on them in detail: you can find all the details in the kube-apiserver documentation.

As already mentioned, all parameters are set in the manifest with the api-server configuration (by default /etc/kubernetes/manifests/kube-apiserver.yaml), in the command section. Let's return to the 3 required parameters and examine them:

  1. audit-policy-file - the path to the YAML file describing the audit policy. We'll come back to its contents later; for now I'll note that the file must be readable by the api-server process. Therefore it has to be mounted into the container, for which you can add the following to the appropriate sections of the config:
      volumeMounts:
        - mountPath: /etc/kubernetes/policies
          name: policies
          readOnly: true
      volumes:
      - hostPath:
          path: /etc/kubernetes/policies
          type: DirectoryOrCreate
        name: policies
  2. audit-log-path - the path to the log file. The path must be accessible to the api-server process, so we describe its mount in the same way:
      volumeMounts:
        - mountPath: /var/log/kube-audit
          name: logs
          readOnly: false
      volumes:
      - hostPath:
          path: /var/log/kube-audit
          type: DirectoryOrCreate
        name: logs
  3. audit-log-format - the audit log format. The default is json, but the legacy text format (legacy) is also available.

Audit policy

Now about the mentioned file describing the logging policy. The first concept of the audit policy is level, the logging level. The levels are:

  • None - do not log;
  • Metadata - log the request metadata: user, request time, target resource (pod, namespace, etc.), the type of action (verb), etc.;
  • Request - log the metadata and the request body;
  • RequestResponse - log the metadata, the request body and the response body.

The last two levels (Request and RequestResponse) do not apply to requests that did not access resources (calls to so-called non-resource URLs).

Also, every request passes through several stages:

  • RequestReceived - the stage when the request has been received by the handler but has not yet been passed further along the chain of handlers;
  • ResponseStarted - the response headers have been sent, but the response body has not yet. Intended for long-running requests (for example, watch);
  • ResponseComplete - the response body has been sent, no more data will be sent;
  • Panic - events generated when an abnormal situation is detected.

To skip any of the stages you can use omitStages.

In the policy file we can describe several sections with different logging levels. The first matching rule found in the policy description will be applied.

The kubelet daemon monitors changes to the manifest with the api-server configuration and, if there are any, restarts the api-server container. But there is an important point: it ignores changes to the policy file. After changing the policy file you will need to restart the api-server manually. Since the api-server is started as a static pod, the kubectl delete command will not make it restart. You will have to do it manually with docker stop on the kube-masters where the audit policy was changed:

docker stop $(docker ps | grep k8s_kube-apiserver | awk '{print $1}')

When enabling auditing, it is important to remember that the load on kube-apiserver increases. In particular, memory consumption grows, because the request context has to be stored. Logging starts only after the response headers have been sent. The load also depends on the audit policy configuration.

Policy examples

Let's look at the structure of policy files using examples.

Here is a simple policy file that logs everything at the Metadata level:

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata

In a policy you can specify a list of users (Users and ServiceAccounts) and user groups. For example, this is how to ignore system users but log everything else at the Request level:

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  - level: None
    userGroups:
      - "system:serviceaccounts"
      - "system:nodes"
    users:
      - "system:anonymous"
      - "system:apiserver"
      - "system:kube-controller-manager"
      - "system:kube-scheduler"
  - level: Request

It is also possible to describe targets:

  • namespaces (namespaces);
  • verbs (verbs: get, update, delete and others);
  • resources (resources, namely: pod, configmaps, etc.) and resource groups (apiGroups).

Attention! The resources and resource groups (API groups, i.e. apiGroups), as well as their versions installed in the cluster, can be found with the commands:

kubectl api-resources
kubectl api-versions
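The selectors listed above, together with level, omitStages and the first-match rule, are enough to reconstruct how the api-server picks a level for an event. The following added example (not code from the article or from Kubernetes) does that in Python over a small policy constructed for the demo. It lets you check, before the policy is mounted into the api-server, that it drops what you think it drops, for instance that secrets are never logged above Metadata even though a later rule would log core-group reads at Request level. Only a trailing "*" is supported in nonResourceURLs, which is how the patterns in the policies in this article are written.

```python
"""First-match evaluation of a Kubernetes audit Policy.

Added example for this article, not code from the article or Kubernetes.
It models what the text describes: omitStages drops whole stages, the
first rule whose selectors all match sets the level, and an event that
matches no rule is not logged. DEMO_POLICY is constructed for the demo.
"""
from dataclasses import dataclass


@dataclass
class AuditEvent:
    user: str
    groups: tuple = ()
    verb: str = ""
    namespace: str = ""            # "" for cluster-scoped requests
    api_group: str = ""            # "" is the core API group
    resource: str = ""             # "" for non-resource requests
    url: str = ""                  # request path, for nonResourceURLs rules
    stage: str = "ResponseComplete"


def _url_matches(pattern: str, url: str) -> bool:
    """Only a trailing "*" wildcard is supported, as in "/healthz*"."""
    if pattern.endswith("*"):
        return url.startswith(pattern[:-1])
    return url == pattern


def rule_matches(rule: dict, ev: AuditEvent) -> bool:
    """Every selector present on the rule must match; absent ones match all."""
    if "users" in rule and ev.user not in rule["users"]:
        return False
    if "userGroups" in rule and not set(rule["userGroups"]) & set(ev.groups):
        return False
    if "verbs" in rule and ev.verb not in rule["verbs"]:
        return False
    if "namespaces" in rule and ev.namespace not in rule["namespaces"]:
        return False
    if "nonResourceURLs" in rule:
        if ev.resource:            # such a rule covers non-resource calls only
            return False
        if not any(_url_matches(p, ev.url) for p in rule["nonResourceURLs"]):
            return False
    if "resources" in rule:
        if not ev.resource:
            return False
        for sel in rule["resources"]:
            if sel.get("group", "") != ev.api_group:
                continue
            # a selector without "resources" covers every kind in the group
            if "resources" not in sel or ev.resource in sel["resources"]:
                break
        else:
            return False
    return True


def audit_level(policy: dict, ev: AuditEvent) -> str:
    """Level the event is logged at; "None" means it is dropped."""
    if ev.stage in policy.get("omitStages", []):
        return "None"
    for rule in policy["rules"]:
        if rule_matches(rule, ev):
            return rule["level"]
    return "None"                  # no rule matched: not logged


# Constructed policy for the demo, using the selectors the article lists.
DEMO_POLICY = {
    "apiVersion": "audit.k8s.io/v1", "kind": "Policy",
    "omitStages": ["RequestReceived"],
    "rules": [
        {"level": "None",
         "users": ["system:kube-controller-manager", "system:kube-scheduler"]},
        {"level": "None", "userGroups": ["system:nodes"], "verbs": ["get"],
         "resources": [{"group": "", "resources": ["nodes"]}]},
        {"level": "None", "nonResourceURLs": ["/healthz*", "/version"]},
        # secrets and configmaps may carry sensitive data: metadata only
        {"level": "Metadata",
         "resources": [{"group": "", "resources": ["secrets", "configmaps"]}]},
        # reads can return large bodies: log the request, not the response
        {"level": "Request", "verbs": ["get", "list", "watch"],
         "resources": [{"group": ""}, {"group": "apps"}]},
        {"level": "RequestResponse",
         "resources": [{"group": ""}, {"group": "apps"}]},
        {"level": "Metadata"},     # catch-all for everything else
    ],
}


def level_for(**event) -> str:
    """Evaluate DEMO_POLICY for one event given as AuditEvent fields."""
    return audit_level(DEMO_POLICY, AuditEvent(**event))


if __name__ == "__main__":
    for ev in ({"user": "mynewuser", "verb": "get", "resource": "secrets",
                "namespace": "target-namespace"},
               {"user": "system:anonymous", "verb": "get", "url": "/healthz"}):
        print(ev, "->", level_for(**ev))
```

Rule order is what matters: moving the Metadata rule for secrets below the Request rule would make the api-server write secret reads, request body included, into the audit log.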

The following audit policy is given as a demonstration of best practices in the Alibaba Cloud documentation:

apiVersion: audit.k8s.io/v1beta1
kind: Policy
# Do not log the RequestReceived stage
omitStages:
  - "RequestReceived"
rules:
  # Do not log events that are considered insignificant and not dangerous:
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
    resources:
      - group: "" # this is the api group with the empty name, which holds
                  # the basic Kubernetes resources, called "core"
        resources: ["endpoints", "services"]
  - level: None
    users: ["system:unsecured"]
    namespaces: ["kube-system"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["configmaps"]
  - level: None
    users: ["kubelet"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["nodes"]
  - level: None
    userGroups: ["system:nodes"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["nodes"]
  - level: None
    users:
      - system:kube-controller-manager
      - system:kube-scheduler
      - system:serviceaccount:kube-system:endpoint-controller
    verbs: ["get", "update"]
    namespaces: ["kube-system"]
    resources:
      - group: "" # core
        resources: ["endpoints"]
  - level: None
    users: ["system:apiserver"]
    verbs: ["get"]
    resources:
      - group: "" # core
        resources: ["namespaces"]
  # Do not log calls to read-only URLs:
  - level: None
    nonResourceURLs:
      - /healthz*
      - /version
      - /swagger*
  # Do not log messages related to the "events" resource type:
  - level: None
    resources:
      - group: "" # core
        resources: ["events"]
  # Resources of type Secret, ConfigMap and TokenReview may contain sensitive data,
  # so we log only the metadata of the requests related to them
  - level: Metadata
    resources:
      - group: "" # core
        resources: ["secrets", "configmaps"]
      - group: authentication.k8s.io
        resources: ["tokenreviews"]
  # get, list and watch responses can be large; log them at Request level (without the response body)
  - level: Request
    verbs: ["get", "list", "watch"]
    resources:
      - group: "" # core
      - group: "admissionregistration.k8s.io"
      - group: "apps"
      - group: "authentication.k8s.io"
      - group: "authorization.k8s.io"
      - group: "autoscaling"
      - group: "batch"
      - group: "certificates.k8s.io"
      - group: "extensions"
      - group: "networking.k8s.io"
      - group: "policy"
      - group: "rbac.authorization.k8s.io"
      - group: "settings.k8s.io"
      - group: "storage.k8s.io"
  # Default logging level for standard API resources
  - level: RequestResponse
    resources:
      - group: "" # core
      - group: "admissionregistration.k8s.io"
      - group: "apps"
      - group: "authentication.k8s.io"
      - group: "authorization.k8s.io"
      - group: "autoscaling"
      - group: "batch"
      - group: "certificates.k8s.io"
      - group: "extensions"
      - group: "networking.k8s.io"
      - group: "policy"
      - group: "rbac.authorization.k8s.io"
      - group: "settings.k8s.io"
      - group: "storage.k8s.io"
  # Default logging level for all other requests
  - level: Metadata

Another good example of an audit policy is the profile used in GCE.

To react quickly to audit events, it is possible to describe a webhook. This topic is covered in the official documentation; I will leave it outside the scope of this article.

Conclusion

The article gives an overview of the basic security mechanisms in Kubernetes clusters that allow you to create personal accounts, separate their privileges and log their actions. I hope it will be useful to those who face such issues in theory or in practice. I also recommend reading the list of other materials on Kubernetes security given in the "P.S." - perhaps among them you will find the details you need about the problems relevant to you.

P.S.

Read also on our blog:

Source: www.habr.com
