概要

一応インフラ部に所属しているのですがネットワークをちゃんと理解していない事にハッと気づきました。
そこでTCPの仕様書がRFCとして公開されているそうなので和訳しつつ要約 or 感想書いてみようと思います。 備忘のためなので和訳を期待された方は他をご参照ください（こことか）。

Wikipediaは本当に偉大でRFCリストが用意されていますので、 そのなかでもRFC 793 - Transmission Control Protocol (TCP v4)を読みたいと思います。

甘え体質なので自分に厳しく(?)オリジナルの英語で読みたいと思います。

目次

• 概要
• 目次
• 詳細
  • PREFACE
  • INTRODUCTION
    • Motivation
    • Scope
    • About This Document
    • Interfaces
    • Operation
      • Basic Data Transfer
      • Reliability
      • Flow Control
      • Multiplexing
      • Connections
      • Precedence and Security
  • PHILOSOPHY
    • Elements of the Internetwork System
    • Model of Operation
    • The Host Environment
    • Interfaces
    • Relation to Other Protocols
    • Reliable Communication
    • Connection Establishment and Clearing
    • Data Communication
• 感想

詳細

PREFACE

This document describes the DoD Standard Transmission Control Protocol (TCP). DoDというのは Department of Defense の略だとネットに書いてありました。

There have been nine earlier editions of the ARPA TCP specification on which this standard is based, and the present text draws heavily from them.

これは10版ということかな。

INTRODUCTION

The Transmission Control Protocol (TCP) is intended for use as a highly reliable host-to-host protocol between hosts in packet-switched computer communication networks, and in interconnected systems of such networks.

TCPの目的はホスト間の高い信頼性をもったプロトコルとして利用されることです。

This document describes the functions to be performed by the Transmission Control Protocol, the program that implements it, and its interface to programs or users that require its services.

このドキュメントにはTCPの機能、その実装、インタフェースを記述してあります。

Motivation

Computer communication systems are playing an increasingly important role in military, government, and civilian environments. This document focuses its attention primarily on military computer communication requirements, especially robustness in the presence of communication unreliability and availability in the presence of congestion, but many of these problems are found in the civilian and government sector as well.

この資料は軍事の視点に重きをおいていますが、民間でも同じような点が重要となってきます。

As strategic and tactical computer communication networks are developed and deployed, it is essential to provide means of interconnecting them and to provide standard interprocess communication protocols which can support a broad range of applications. In anticipation of the need for such standards, the Deputy Undersecretary of Defense for Research and Engineering has declared the Transmission Control Protocol (TCP) described herein to be a basis for DoD-wide inter-process communication protocol standardization.

ネットワークは大事で、利用側の利便性のために標準化が必須。

TCP is a connection-oriented, end-to-end reliable protocol designed to fit into a layered hierarchy of protocols which support multi-network applications. The TCP provides for reliable inter-process communication between pairs of processes in host computers attached to distinct but interconnected computer communication networks. Very few assumptions are made as to the reliability of the communication protocols below the TCP layer. TCP assumes it can obtain a simple, potentially unreliable datagram service from the lower level protocols. In principle, the TCP should be able to operate above a wide spectrum of communication systems ranging from hard-wired connections to packet-switched or circuit-switched networks.

TCPは階層型のプロトコルに適合するよう設計されています。

TCP is based on concepts first described by Cerf and Kahn in [1]. The TCP fits into a layered protocol architecture just above a basic Internet Protocol [2] which provides a way for the TCP to send and receive variable-length segments of information enclosed in internet datagram "envelopes". The internet datagram provides a means for addressing source and destination TCPs in different networks. The internet protocol also deals with any fragmentation or reassembly of the TCP segments required to achieve transport and delivery through multiple networks and interconnecting gateways. The internet protocol also carries information on the precedence, security classification and compartmentation of the TCP segments, so this information can be communicated end-to-end across multiple networks.

TCPは基本的なインターネット・プロトコルのすぐ上の階層に位置している。

Much of this document is written in the context of TCP implementations which are co-resident with higher level protocols in the host computer. Some computer systems will be connected to networks via front-end computers which house the TCP and internet protocol layers, as well as network specific software. The TCP specification describes an interface to the higher level protocols which appears to be implementable even for the front-end case, as long as a suitable host-to-front end protocol is implemented.

houseってどういう意味なんだろう。ここ飛ばそう。

Scope

The TCP is intended to provide a reliable process-to-process communication service in a multinetwork environment. The TCP is intended to be a host-to-host protocol in common use in multiple networks.

TCPを使うことでプロセス間で信頼性の高い通信を行えます。

About This Document

This document represents a specification of the behavior required of any TCP implementation, both in its interactions with higher level protocols and in its interactions with other TCPs. The rest of this section offers a very brief view of the protocol interfaces and operation. Section 2 summarizes the philosophical basis for the TCP design. Section 3 offers both a detailed description of the actions required of TCP when various events occur (arrival of new segments, user calls, errors, etc.) and the details of the formats of TCP segments.

この資料にはあらゆるTCP実装が備えるべき仕様が書いてあります。

Interfaces

The TCP interfaces on one side to user or application processes and on the other side to a lower level protocol such as Internet Protocol.

この文の動詞ってどれだろう...

The interface between an application process and the TCP is illustrated in reasonable detail. This interface consists of a set of calls much like the calls an operating system provides to an application process for manipulating files. For example, there are calls to open and close connections and to send and receive data on established connections. It is also expected that the TCP can asynchronously communicate with application programs. Although considerable freedom is permitted to TCP implementors to design interfaces which are appropriate to a particular operating system environment, a minimum functionality is required at the TCP/user interface for any valid implementation.

アプリとのインタフェースが図で書いてあります。 インタフェースは、OSが提供するのと同じように、処理要求(Calls)の集合として構成されています。 インタフェースには、特定OSやユーザ要求への対応のために、多少の実装の柔軟性(自由)があります。

The interface between TCP and lower level protocol is essentially unspecified except that it is assumed there is a mechanism whereby the two levels can asynchronously pass information to each other. Typically, one expects the lower level protocol to specify this interface. TCP is designed to work in a very general environment of interconnected networks. The lower level protocol which is assumed throughout this document is the Internet Protocol [2].

TCPと下位プロトコルの間のインタフェースは、 互いに非同期に情報伝達できると仮定されていることを除けば、特に規定されていません。 通常はTCPが下位プロトコル(=IP)に対してこのインタフェースを規定することを期待します。

Operation

As noted above, the primary purpose of the TCP is to provide reliable, securable logical circuit or connection service between pairs of processes. To provide this service on top of a less reliable internet communication system requires facilities in the following areas:

Basic Data Transfer Reliability Flow Control Multiplexing Connections Precedence and Security

The basic operation of the TCP in each of these areas is described in the following paragraphs.

TCPの目的達成のためには6つの領域に対してケアする必要があります。 * データ転送 * 信頼性 * フロー制御 * 多重化 * コネクション * 優先つけと安全性

Basic Data Transfer

The TCP is able to transfer a continuous stream of octets in each direction between its users by packaging some number of octets into segments for transmission through the internet system. In general, the TCPs decide when to block and forward data at their own convenience. 1セグメント = 複数オクテット（1オクテット=常に8bit）。 TCPは通信者の双方向に複数セグメントを送信できる。

Sometimes users need to be sure that all the data they have submitted to the TCP has been transmitted. For this purpose a push function is defined. To assure that data submitted to a TCP is actually transmitted the sending user indicates that it should be pushed through to the receiving user. A push causes the TCPs to promptly forward and deliver data up to that point to the receiver. The exact push point might not be visible to the receiving user and the push function does not supply a record boundary marker.

データが届いたか確認するためにpush機能が定義された。 pushによって早急にデータが受信者に転送される。 「boundary marker」がわからないよー！

Reliability

The TCP must recover from data that is damaged, lost, duplicated, or delivered out of order by the internet communication system. This is achieved by assigning a sequence number to each octet transmitted, and requiring a positive acknowledgment (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. At the receiver, the sequence numbers are used to correctly order segments that may be received out of order and to eliminate duplicates. Damage is handled by adding a checksum to each segment transmitted, checking it at the receiver, and discarding damaged segments. TCPはデータの破損、消失、重複、Internet外への配送、の状況に対応しなくてはいけない。 それはシーケンシャル番号とACKの仕組みで達成される。 あと破損検知のためチェックサム付けるよ。

As long as the TCPs continue to function properly and the internet system does not become completely partitioned, no transmission errors will affect the correct delivery of data. TCP recovers from internet communication system errors. 前提条件としてinternetが完全に分断されないこと。

Flow Control

TCP provides a means for the receiver to govern the amount of data sent by the sender. This is achieved by returning a "window" with every ACK indicating a range of acceptable sequence numbers beyond the last segment successfully received. The window indicates an allowed number of octets that the sender may transmit before receiving further permission.

受信者はうけとるデータ量を調整するために、ACKと一緒に"window"を使えるよ。 windowは送信できるオクテット数の上限のこと。

Multiplexing

To allow for many processes within a single Host to use TCP communication facilities simultaneously, the TCP provides a set of addresses or ports within each host. Concatenated with the network and host addresses from the internet communication layer, this forms a socket. A pair of sockets uniquely identifies each connection. That is, a socket may be simultaneously used in multiple connections.

単一ホスト上の複数プロセスが同時にTCP通信を使えるように socket（＝ network * host-address)という形式を使う。 とあるsocketは同時に複数コネクションによって利用されうる。

The binding of ports to processes is handled independently by each Host. However, it proves useful to attach frequently used processes (e.g., a "logger" or timesharing service) to fixed sockets which are made known to the public. These services can then be accessed through the known addresses. Establishing and learning the port addresses of other processes may involve more dynamic mechanisms.

Connections

The reliability and flow control mechanisms described above require that TCPs initialize and maintain certain status information for each data stream. The combination of this information, including sockets, sequence numbers, and window sizes, is called a connection. Each connection is uniquely specified by a pair of sockets identifying its two sides.

信頼性とフロー管理を達成するために、TCPは各ストリームの状態管理を余儀なくされる。

When two processes wish to communicate, their TCP's must first establish a connection (initialize the status information on each side). When their communication is complete, the connection is terminated or closed to free the resources for other uses.

Since connections must be established between unreliable hosts and over the unreliable internet communication system, a handshake mechanism with clock-based sequence numbers is used to avoid erroneous initialization of connections.

シーケンシャル番号ってclock-basedだったんですね。

Precedence and Security

The users of TCP may indicate the security and precedence of their communication. Provision is made for default values to be used when these features are not needed.

プロビジョンという何かが作られる。デフォルト値とな。

PHILOSOPHY

Elements of the Internetwork System

The internetwork environment consists of hosts connected to networks which are in turn interconnected via gateways. It is assumed here that the networks may be either local networks (e.g., the ETHERNET) or large networks (e.g., the ARPANET), but in any case are based on packet switching technology. The active agents that produce and consume messages are processes. Various levels of protocols in the networks, the gateways, and the hosts support an interprocess communication system that provides two-way data flow on logical connections between process ports.

The term packet is used generically here to mean the data of one transaction between a host and its network. The format of data blocks exchanged within the a network will generally not be of concern to us.

Hosts are computers attached to a network, and from the communication network's point of view, are the sources and destinations of packets. Processes are viewed as the active elements in host computers (in accordance with the fairly common definition of a process as a program in execution). Even terminals and files or other I/O devices are viewed as communicating with each other through the use of processes. Thus, all communication is viewed as inter-process communication.

Since a process may need to distinguish among several communication streams between itself and another process (or processes), we imagine that each process may have a number of ports through which it communicates with the ports of other processes.

ここはひとまず特に特筆すべきことはなさそうにみえる..

Model of Operation

Processes transmit data by calling on the TCP and passing buffers of data as arguments. The TCP packages the data from these buffers into segments and calls on the internet module to transmit each segment to the destination TCP. The receiving TCP places the data from a segment into the receiving user's buffer and notifies the receiving user. The TCPs include control information in the segments which they use to ensure reliable ordered data transmission.

プロセスはデータバッファを引数としてTCPの処理を呼び出すことでデータ送信を行う。 TCPはバッファデータを複数セグメントにパッケージ化して、インターネットモジュールを 呼び出す。受信側のTCPはセグメントを受け取ったらバッファに格納して、ユーザに通知する。

The model of internet communication is that there is an internet protocol module associated with each TCP which provides an interface to the local network. This internet module packages TCP segments inside internet datagrams and routes these datagrams to a destination internet module or intermediate gateway. To transmit the datagram through the local network, it is embedded in a local network packet.

インターネットモジュールというのは主にIPプロトコルモジュールを指すっぽい。 TCPセグメントはIPデータグラムでカプセル化するよってことかな。

The packet switches may perform further packaging, fragmentation, or other operations to achieve the delivery of the local packet to the destination internet module.

At a gateway between networks, the internet datagram is "unwrapped" from its local packet and examined to determine through which network the internet datagram should travel next. The internet datagram is then "wrapped" in a local packet suitable to the next network and routed to the next gateway, or to the final destination.

A gateway is permitted to break up an internet datagram into smaller internet datagram fragments if this is necessary for transmission through the next network. To do this, the gateway produces a set of internet datagrams; each carrying a fragment. Fragments may be further broken into smaller fragments at subsequent gateways. The internet datagram fragment format is designed so that the destination internet module can reassemble fragments into internet datagrams.

A destination internet module unwraps the segment from the datagram (after reassembling the datagram, if necessary) and passes it to the destination TCP.

IPってデータグラムを分割する機能あったんだー（なんか勉強したことある気がするけど）。 Internet Header Formatとか IPパケットの構造とIPフラグメンテーション (3/3)が参考になりました。

This simple model of the operation glosses over many details. One important feature is the type of service. This provides information to the gateway (or internet module) to guide it in selecting the service parameters to be used in traversing the next network. Included in the type of service information is the precedence of the datagram. Datagrams may also carry security information to permit host and gateways that operate in multilevel secure environments to properly segregate datagrams for security considerations.

サービスタイプの機能は階層層に活用されるって知っていたけど、 セキュリティの視点からも利用されるみたいですね。 （ここじゃよくわからないんだけど、あとで詳細出てくるよね...）

The Host Environment

The TCP is assumed to be a module in an operating system. The users access the TCP much like they would access the file system. The TCP may call on other operating system functions, for example, to manage data structures. The actual interface to the network is assumed to be controlled by a device driver module. The TCP does not call on the network device driver directly, but rather calls on the internet datagram protocol module which may in turn call on the device driver.

TCPはOSから提供され、FILEアクセスするかのように利用できます。 ネットワークデバイスドライバを使うのはTCPじゃなくてIPらしい。

The mechanisms of TCP do not preclude implementation of the TCP in a front-end processor. However, in such an implementation, a host-to-front-end protocol must provide the functionality to support the type of TCP-user interface described in this document.

「front-end processor」とは何を指すのか... ネットワークデバイスドライバとかかな

Interfaces

The TCP/user interface provides for calls made by the user on the TCP to OPEN or CLOSE a connection, to SEND or RECEIVE data, or to obtain STATUS about a connection. These calls are like other calls from user programs on the operating system, for example, the calls to open, read from, and close a file.

The TCP/internet interface provides calls to send and receive datagrams addressed to TCP modules in hosts anywhere in the internet system. These calls have parameters for passing the address, type of service, precedence, security, and other control information.

TCPにはOPEN,CLOSE,SEND,RECEIVE,STATUSのメソッドがありそうな雰囲気。

Relation to Other Protocols

The following diagram illustrates the place of the TCP in the protocol hierarchy:

  +------+ +-----+ +-----+       +-----+
  |Telnet| | FTP | |Voice|  ...  |     |  Application Level
  +------+ +-----+ +-----+       +-----+
        |   |         |             |
       +-----+     +-----+       +-----+
       | TCP |     | RTP |  ...  |     |  Host Level
       +-----+     +-----+       +-----+
          |           |             |
       +-------------------------------+
       |    Internet Protocol & ICMP   |  Gateway Level
       +-------------------------------+
                      |
         +---------------------------+
         |   Local Network Protocol  |    Network Level
         +---------------------------+

                    Protocol Relationships

                          Figure 2.

It is expected that the TCP will be able to support higher level protocols efficiently. It should be easy to interface higher level protocols like the ARPANET Telnet or AUTODIN II THP to the TCP.

TCPは上位層のプロトコルを効率的にサポートできることが期待されています。

Reliable Communication

A stream of data sent on a TCP connection is delivered reliably and in order at the destination.

Transmission is made reliable via the use of sequence numbers and acknowledgments. Conceptually, each octet of data is assigned a sequence number. The sequence number of the first octet of data in a segment is transmitted with that segment and is called the segment sequence number. Segments also carry an acknowledgment number which is the sequence number of the next expected data octet of transmissions in the reverse direction. When the TCP transmits a segment containing data, it puts a copy on a retransmission queue and starts a timer; when the acknowledgment for that data is received, the segment is deleted from the queue. If the acknowledgment is not received before the timer runs out, the segment is retransmitted.

An acknowledgment by TCP does not guarantee that the data has been delivered to the end user, but only that the receiving TCP has taken the responsibility to do so.

To govern the flow of data between TCPs, a flow control mechanism is employed. The receiving TCP reports a "window" to the sending TCP. This window specifies the number of octets, starting with the acknowledgment number, that the receiving TCP is currently prepared to receive.

TCPの信頼性はシーケンシャル番号とACKで成り立っている。 1. セグメントを転送 2. コピーを再送信キューにいれる 3. タイマー起動 4. 時間内にACKを受け取ったら対応するキューの要素を削除 5. 時間切れならキューの要素を再送信

フロー制御についてはwindowを使うんだけど、既出感あるので略。

Connection Establishment and Clearing

To identify the separate data streams that a TCP may handle, the TCP provides a port identifier. Since port identifiers are selected independently by each TCP they might not be unique. To provide for unique addresses within each TCP, we concatenate an internet address identifying the TCP with a port identifier to create a socket which will be unique throughout all networks connected together.

IPとPortの組み合わせによってNW上でsocketを一意に特定します。

A connection is fully specified by the pair of sockets at the ends. A local socket may participate in many connections to different foreign sockets. A connection can be used to carry data in both directions, that is, it is "full duplex".

コネクションは末端のソケットの組で特定できる。

TCPs are free to associate ports with processes however they choose. However, several basic concepts are necessary in any implementation. There must be well-known sockets which the TCP associates only with the "appropriate" processes by some means. We envision that processes may "own" ports, and that processes can initiate connections only on the ports they own. (Means for implementing ownership is a local issue, but we envision a Request Port user command, or a method of uniquely allocating a group of ports to a given process, e.g., by associating the high order bits of a port name with a given process.)

この部分はよくわからなかった。 特定のポートは特定のプロセスが専有する形になるよってことなんですかね。

A connection is specified in the OPEN call by the local port and foreign socket arguments. In return, the TCP supplies a (short) local connection name by which the user refers to the connection in subsequent calls. There are several things that must be remembered about a connection. To store this information we imagine that there is a data structure called a Transmission Control Block (TCB). One implementation strategy would have the local connection name be a pointer to the TCB for this connection. The OPEN call also specifies whether the connection establishment is to be actively pursued, or to be passively waited for.

TCPのOPENコールを呼び出すと、返り値としてコネクション名を渡される。 それとTCBを紐付ける。 OPENコールはアクティブとパッシブがある。

A passive OPEN request means that the process wants to accept incoming connection requests rather than attempting to initiate a connection. Often the process requesting a passive OPEN will accept a connection request from any caller. In this case a foreign socket of all zeros is used to denote an unspecified socket. Unspecified foreign sockets are allowed only on passive OPENs.

A service process that wished to provide services for unknown other processes would issue a passive OPEN request with an unspecified foreign socket. Then a connection could be made with any process that requested a connection to this local socket. It would help if this local socket were known to be associated with this service.

サーバはパッシブ。

Well-known sockets are a convenient mechanism for a priori associating a socket address with a standard service. For instance, the "Telnet-Server" process is permanently assigned to a particular socket, and other sockets are reserved for File Transfer, Remote Job Entry, Text Generator, Echoer, and Sink processes (the last three being for test purposes). A socket address might be reserved for access to a "Look-Up" service which would return the specific socket at which a newly created service would be provided. The concept of a well-known socket is part of the TCP specification, but the assignment of sockets to services is outside this specification. (See [4].)

well-know ソケット（＝ポート）は標準的なサービスとソケットを紐付けるためには便利。

Processes can issue passive OPENs and wait for matching active OPENs from other processes and be informed by the TCP when connections have been established. Two processes which issue active OPENs to each other at the same time will be correctly connected. This flexibility is critical for the support of distributed computing in which components act asynchronously with respect to each other.

There are two principal cases for matching the sockets in the local passive OPENs and an foreign active OPENs. In the first case, the local passive OPENs has fully specified the foreign socket. In this case, the match must be exact. In the second case, the local passive OPENs has left the foreign socket unspecified. In this case, any foreign socket is acceptable as long as the local sockets match. Other possibilities include partially restricted matches.

ソケットの通信を始めるには2つの方法がある。 1つ目は、受け手側が、送り手側のソケットを正確に指定する方法。 2つ目は、受け手側が、送り手側を特に指定せずに待ち受ける方法。

If there are several pending passive OPENs (recorded in TCBs) with the same local socket, an foreign active OPEN will be matched to a TCB with the specific foreign socket in the foreign active OPEN, if such a TCB exists, before selecting a TCB with an unspecified foreign socket.

The procedures to establish connections utilize the synchronize (SYN) control flag and involves an exchange of three messages. This exchange has been termed a three-way hand shake [3].

A connection is initiated by the rendezvous of an arriving segment containing a SYN and a waiting TCB entry each created by a user OPEN command. The matching of local and foreign sockets determines when a connection has been initiated. The connection becomes "established" when sequence numbers have been synchronized in both directions.

The clearing of a connection also involves the exchange of segments, in this case carrying the FIN control flag.

Data Communication

The data that flows on a connection may be thought of as a stream of octets. The sending user indicates in each SEND call whether the data in that call (and any preceeding calls) should be immediately pushed through to the receiving user by the setting of the PUSH flag.

すぐに送信してほしいときはpushフラグをセットする。

A sending TCP is allowed to collect data from the sending user and to send that data in segments at its own convenience, until the push function is signaled, then it must send all unsent data. When a receiving TCP sees the PUSH flag, it must not wait for more data from the sending TCP before passing the data to the receiving process.

TCPは好きにバッファにデータが貯まるのを待ってもいいが、push機能が呼ばれたら、 すぐにデータを送信しければいけない。

感想

以前、勉強会のために、とある技術書をきちんと和訳していたのですが、 今回もその時と同じように「辛いな」と思いました。

（和訳自体が勉強になるわけではないですし、 どう翻訳するかで結構時間取られてしまうので、、、）

残りの部分は具体的なTCPの仕様の話になりますが和訳は止めて、 次は実装を目指したいと思います。

以上。

概要

kubenetes を使い始めたのですが annotation っていつ使うんだろーと思って
放置していたのでちゃんと調べてみました。

ただし実行環境はOpenShiftを使っています。
中身はk8sなのであんまり違いはないかなと。

詳細

まず適当なPodを作成してみます。

$ cat pod_sample.yml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: bitnami/nginx:latest
    ports:
    - containerPort: 8080
$ oc apply -f pod_sample.yml 
pod/nginx created

次にPodの情報を表示します。

$ oc get po nginx -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"app":"test"},"name":"nginx","namespace":"default"},"spec":{"containers":[{"image":"bitnami/nginx:latest","name":"nginx","ports":[{"containerPort":8080}]}]}}
    openshift.io/scc: anyuid
  creationTimestamp: 2019-02-21T07:01:20Z
  labels:
    app: test
  name: nginx
  namespace: default

特に指示していないのに勝手にannotationが付与されています。

公式のドキュメントにはこう書いてあります。

Attaching metadata to objects You can use either labels or annotations to attach metadata to Kubernetes objects. Labels can be used to select objects and to find collections of objects that satisfy certain conditions. In contrast, annotations are not used to identify and select objects. The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels.

つまり、annotationを使ってk8sのリソースオブジェクトに対してメタデータを付与するんだよ、ってことですね。 そこはサラッと知っていたんですが、誰のために どんな情報を ってところを確認したいと思います。

すでにこことか ここ のブログにLabelとAnnotationの違いと使う方が記載されています。

• オブジェクトの変更理由の記録
• 特別なスケジューラへの、特別なスケジュールポリシーの伝達
• リソースを更新したツールと、それがどのように更新したかの情報の付加
• 他のツールからの更新検知などのため
• Deployment オブジェクトによるロールアウトのための、ReplicaSet の追跡情報の保存など。（入門 Kubernetes P.77）

実際に運用していないから経験値が不足しまくっているけどひねり出してみると
「運用者が担当範囲のnamespaceをみると知らないPodが稼働してたけど
annotationを見るとk8s管理者が作成したものらしいから静観でいっか」みたいな感じかな。

とりあえず機能の位置づけと、Labelとは全く異なるものだと理解できたので良かったです。

背景

友人とフォレンジック勉強会を行っています。
輪講として「File System Forensic Analysis 1st edition (著: Brian Carrier) 」を読んでいます。

本題

先日 Chapter 3 をまとめたのでブログにも展開します。
speakerdeck.com

以上。