kakao Cloud school 2nd cohort D+43

LEE EUI JOO · January 10, 2023

K8S


1. Kubernetes Private Registry


Create a secret in order to use the private registry

root@master:~# kubectl create secret docker-registry test  --docker-server=192.168.0.195:5000 \
> --docker-username=test \
> --docker-password=test \
> --docker-email=test@test.com
secret/test created

List the created secrets

root@master:~# kubectl get secret
NAME   TYPE                             DATA   AGE
test   kubernetes.io/dockerconfigjson   1      4s
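What the `test` secret listed above holds, as an added example that is not part of the original post: the single data item of a `kubernetes.io/dockerconfigjson` secret is a JSON document whose `auth` field is base64 of `user:password`, so read access to the secret is equivalent to holding the registry login. The function names are illustrative; the values are the lab ones from the command above.

```shell
#!/bin/sh
# Added example, not from the original post. Values are the lab ones above.

# Print the JSON that `kubectl create secret docker-registry` stores under the
# ".dockerconfigjson" key for one registry.
dockerconfigjson() {
    server=$1; user=$2; pass=$3; email=$4
    # "auth" is base64("user:password"): an encoding, not encryption.
    auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}\n' \
        "$server" "$user" "$pass" "$email" "$auth"
}

# The value kept in .data of the Secret object: the payload, base64 again.
secret_data() {
    dockerconfigjson "$@" | base64 | tr -d '\n'
}

# Read a .data value on stdin and print the registry login it contains.
recover_login() {
    base64 -d | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# On the cluster the same value comes from:
#   kubectl get secret test -o jsonpath='{.data.\.dockerconfigjson}'
data=$(secret_data 192.168.0.195:5000 test test test@test.com)
printf 'stored : %s\n' "$data"
printf 'decoded: %s\n' "$(printf '%s' "$data" | recover_login)"
```

Because the default service account is patched in the next step, every pod in the namespace pulls with this login, and any subject with `get` on secrets in the namespace can read it back.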

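Register it in the namespace. Registering the secret with the namespace (here, on its default service account) means it does not have to be defined in each manifest.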


root@master:~# kubectl patch -n default serviceaccount/default -p '{"imagePullSecrets":[{"name": "test"}]}'
serviceaccount/default patched

root@master:~# vi /etc/docker/daemon.json 
********
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "insecure-registries" : ["192.168.0.195:5000"]
}

Apply the same change on worker1 and worker2
********

root@master:~# systemctl restart docker
root@master:~# docker login 192.168.0.195:5000
Username: test
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

root@master:~# vi pri-test.yml 

*************
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: pri-test
spec:
  selector: # 'select' the target to replicate
    matchLabels: # the label to match is
      app: test # app: test
  replicas: 2
  template: # same format as an ordinary Pod manifest
    metadata:
      name: test
      labels:
        app: test # the label selected above
    spec:
      containers:
        - name: test-container
          image: 192.168.0.195:5000/nginx:latest

*************

root@master:~# kubectl apply -f pri-test.yml 
replicaset.apps/pri-test created

root@master:~# kubectl get pod -o wide
NAME             READY   STATUS    RESTARTS   AGE     IP              NODE      NOMINATED NODE   READINESS GATES
pri-test-cl24n   1/1     Running   0          3m30s   10.10.189.96    worker2   <none>           <none>
pri-test-h6mjh   1/1     Running   0          3m30s   10.10.235.168   worker1   <none>           <none>

root@master:~# curl 10.10.189.96
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

root@master:~# curl 10.10.235.168
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Connect to the container

root@master:~# kubectl exec -it pri-test-cl24n -- /bin/bash
root@pri-test-cl24n:/# ls /run/
lock/      nginx.pid  secrets/   utmp       
root@pri-test-cl24n:/# cat  /run/nginx.pid 
1
root@pri-test-cl24n:/# kill 1

Kubernetes can also recover when a problem occurs in the application running inside a pod; this is called self-healing.

root@master:~# kubectl get pod -o wide --watch
NAME             READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
pri-test-cl24n   1/1     Running   0          26m   10.10.189.96    worker2   <none>           <none>
pri-test-h6mjh   1/1     Running   0          26m   10.10.235.168   worker1   <none>           <none>
pri-test-cl24n   0/1     Completed   0          27m   10.10.189.96    worker2   <none>           <none>
pri-test-cl24n   1/1     Running     1 (1s ago)   27m   10.10.189.96    worker2   <none>           <none>

root@master:~# kubectl delete rs pri-test
replicaset.apps "pri-test" deleted


root@master:~# kubectl create deployment cordon --image=192.168.0.195:5000/hnginx
deployment.apps/cordon created

root@master:~# kubectl get pod
NAME                      READY   STATUS    RESTARTS   AGE
cordon-78ff477bb4-l9cmm   1/1     Running   0          76s

How to write the command you ran out to a YAML file

root@master:~# kubectl create deployment cordon --image=192.168.0.195:5000/hnginx --dry-run=client -o yaml > cordon.yml
root@master:~# cat cordon.yml | head -5
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
root@master:~# curl 10.10.189.97
cordon-78ff477bb4-l9cmm

Scaling

root@master:~# kubectl create deployment cordon --image=192.168.0.195:5000/hnginx
deployment.apps/cordon created

root@master:~# kubectl scale deployment cordon --replicas=2
deployment.apps/cordon scaled

root@master:~# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
cordon-78ff477bb4-lkvfq   1/1     Running   0          23s   10.10.189.102   worker2   <none>           <none>
cordon-78ff477bb4-tl9lt   1/1     Running   0          5s    10.10.235.178   worker1   <none>           <none>


Suppose a problem has occurred on worker node 2
<cordon> Use when you no longer want pods scheduled onto a particular node

root@master:~# kubectl cordon worker2
node/worker2 cordoned
root@master:~# kubectl get nodes
NAME      STATUS                     ROLES           AGE   VERSION
master    Ready                      control-plane   28h   v1.26.0
worker1   Ready                      <none>          27h   v1.26.0
worker2   Ready,SchedulingDisabled   <none>          27h   v1.26.0

root@master:~# kubectl scale deployment cordon --replicas=6
deployment.apps/cordon scaled

root@master:~# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE     IP              NODE      NOMINATED NODE   READINESS GATES
cordon-78ff477bb4-lkvfq   1/1     Running   0          2m45s   10.10.189.102   worker2   <none>           <none>
cordon-78ff477bb4-n2bpt   1/1     Running   0          2s      10.10.235.179   worker1   <none>           <none>
cordon-78ff477bb4-ncrvg   1/1     Running   0          2s      10.10.235.182   worker1   <none>           <none>
cordon-78ff477bb4-qnn2b   1/1     Running   0          2s      10.10.235.180   worker1   <none>           <none>
cordon-78ff477bb4-rfqlt   1/1     Running   0          2s      10.10.235.181   worker1   <none>           <none>
cordon-78ff477bb4-tl9lt   1/1     Running   0          2m27s   10.10.235.178   worker1   <none>           <none>

The new pods are all concentrated on worker node 1

root@master:~# kubectl scale deployment cordon --replicas=2
deployment.apps/cordon scaled

root@master:~# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE     IP              NODE      NOMINATED NODE   READINESS GATES
cordon-78ff477bb4-lkvfq   1/1     Running   0          4m4s    10.10.189.102   worker2   <none>           <none>
cordon-78ff477bb4-tl9lt   1/1     Running   0          3m46s   10.10.235.178   worker1   <none>           <none>

root@master:~# kubectl uncordon worker2
node/worker2 uncordoned

root@master:~# kubectl get nodes
NAME      STATUS   ROLES           AGE   VERSION
master    Ready    control-plane   28h   v1.26.0
worker1   Ready    <none>          28h   v1.26.0
worker2   Ready    <none>          28h   v1.26.0

drain - we want to do maintenance on node 1, so we want to move the pods on worker1 to worker2

root@master:~# kubectl drain worker1 --ignore-daemonsets
node/worker1 already cordoned
Warning: ignoring DaemonSet-managed Pods: kube-system/calico-node-z9vsh, kube-system/kube-proxy-fblbx
evicting pod default/cordon-78ff477bb4-tl9lt
pod/cordon-78ff477bb4-tl9lt evicted
node/worker1 drained

root@master:~# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE     IP              NODE      NOMINATED NODE   READINESS GATES
cordon-78ff477bb4-jxphp   1/1     Running   0          10s     10.10.189.103   worker2   <none>           <none>
cordon-78ff477bb4-lkvfq   1/1     Running   0          9m38s   10.10.189.102   worker2   <none>           <none>

We can confirm that everything has moved to worker node 2

root@master:~# kubectl get nodes
NAME      STATUS                     ROLES           AGE   VERSION
master    Ready                      control-plane   28h   v1.26.0
worker1   Ready,SchedulingDisabled   <none>          28h   v1.26.0
worker2   Ready                      <none>          28h   v1.26.0

root@master:~# kubectl uncordon worker1
node/worker1 uncordoned
root@master:~# kubectl get nodes
NAME      STATUS   ROLES           AGE   VERSION
master    Ready    control-plane   28h   v1.26.0
worker1   Ready    <none>          28h   v1.26.0
worker2   Ready    <none>          28h   v1.26.0

root@master:~# kubectl delete deploy cordon
deployment.apps "cordon" deleted

Exercise

Define a deployment named rollout, with the label app:nginx and the container image 192.168.0.195:5000/nginx:1.14, in a manifest and then create it.



root@master:~# vi rollout.yml 
*****
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: rollout
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: 192.168.0.195:5000/nginx:1.14.0
        name: nginx


*****
root@master:~# kubectl apply -f rollout.yml --record

root@master:~# kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
rollout-7b5d955d97-f5hmz   1/1     Running   0          45s
rollout-7b5d955d97-r8sxs   1/1     Running   0          45s
rollout-7b5d955d97-tlnnq   1/1     Running   0          45s

root@master:~# kubectl rollout history deploy rollout

deployment.apps/rollout 
REVISION  CHANGE-CAUSE
1         kubectl apply --filename=rollout.yml --record=true

root@master:~# curl -I 10.10.189.104 --silent | grep Server
Server: nginx/1.14.0

Update the image

root@master:~# kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:latest --record
Flag --record has been deprecated, --record will be removed in the future
deployment.apps/rollout image updated


The existing pods are removed and new pods are created. Checking the pod IPs shows that they have changed.

root@master:~# kubectl get pod -o wide
NAME                       READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
rollout-57b48fd66b-846q2   1/1     Running   0          98s   10.10.235.184   worker1   <none>           <none>
rollout-57b48fd66b-vbjqr   1/1     Running   0          96s   10.10.189.106   worker2   <none>           <none>
rollout-57b48fd66b-w6ftl   1/1     Running   0          94s   10.10.235.185   worker1   <none>           <none>

root@master:~# curl -I 10.10.235.184 --silent | grep Server
Server: nginx/1.23.3

root@master:~# kubectl rollout history deploy rollout
deployment.apps/rollout 
REVISION  CHANGE-CAUSE
1         kubectl apply --filename=rollout.yml --record=true
2         kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:latest --record=true

Test with an image version that is unlikely to exist

root@master:~# kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:1.1123344 --record
Flag --record has been deprecated, --record will be removed in the future
deployment.apps/rollout image updated

rollout-75ccdfb546-jgrvb   0/1     ImagePullBackOff   0          15s     10.10.189.108   worker2   <none>           <none>
rollout-75ccdfb546-jgrvb   0/1     ErrImagePull       0          33s     10.10.189.108   worker2   <none>           <none>
rollout-75ccdfb546-jgrvb   0/1     ImagePullBackOff   0          45s     10.10.189.108   worker2   <none>           <none>
rollout-75ccdfb546-jgrvb   0/1     ErrImagePull       0          56s     10.10.189.108   worker2   <none>           <none>
rollout-75ccdfb546-jgrvb   0/1     ImagePullBackOff   0          67s     10.10.189.108   worker2   <none>           <none>

Check whether the current rollout is progressing properly

root@master:~# kubectl rollout status deploy rollout
Waiting for deployment "rollout" rollout to finish: 1 out of 3 new replicas have been updated...

It is not going well, so it has to be rolled back
![](https://velog.velcdn.com/images/euijoo3233/post/5cc2c5d4-b00f-41e3-af7d-61ad80bb5655/image.png)

root@master:~# kubectl rollout history deploy rollout
deployment.apps/rollout 
REVISION  CHANGE-CAUSE
1         kubectl apply --filename=rollout.yml --record=true
2         kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:latest --record=true
3         kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:1.1123344 --record=true

root@master:~# kubectl rollout undo deploy rollout
deployment.apps/rollout rolled back

Revision 2 has become revision 4

root@master:~# kubectl rollout history deploy rollout
deployment.apps/rollout 
REVISION  CHANGE-CAUSE
1         kubectl apply --filename=rollout.yml --record=true
3         kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:1.1123344 --record=true
4         kubectl set image deploy rollout nginx=192.168.0.195:5000/nginx:latest --record=true


root@master:~# kubectl get pod
NAME                       READY   STATUS    RESTARTS   AGE
rollout-57b48fd66b-846q2   1/1     Running   0          10m
rollout-57b48fd66b-vbjqr   1/1     Running   0          10m
rollout-57b48fd66b-w6ftl   1/1     Running   0          10m


root@master:~# kubectl get pod -o wide --watch
NAME                       READY   STATUS    RESTARTS   AGE     IP              NODE      NOMINATED NODE   READINESS GATES
rollout-57b48fd66b-846q2   1/1     Running   0          9m56s   10.10.235.184   worker1   <none>           <none>
rollout-57b48fd66b-vbjqr   1/1     Running   0          9m54s   10.10.189.106   worker2   <none>           <none>
rollout-57b48fd66b-w6ftl   1/1     Running   0          9m52s   10.10.235.185   worker1   <none>           <none>

root@master:~# curl -I 10.10.235.184 --silent | grep Server
Server: nginx/1.23.3

root@master:~# kubectl rollout undo deploy rollout
deployment.apps/rollout rolled back

root@master:~# kubectl rollout undo deploy rollout --to-revision=1
deployment.apps/rollout rolled back

root@master:~# kubectl get pod -o wide --watch
NAME                       READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
rollout-7b5d955d97-jkmp6   1/1     Running   0          24s   10.10.189.111   worker2   <none>           <none>
rollout-7b5d955d97-sdrvz   1/1     Running   0          27s   10.10.189.110   worker2   <none>           <none>
rollout-7b5d955d97-vtvtz   1/1     Running   0          26s   10.10.235.186   worker1   <none>           <none>

root@master:~# curl -I 10.10.189.111 --silent | grep Server
Server: nginx/1.14.0

root@master:~# kubectl delete -f rollout.yml 
deployment.apps "rollout" deleted
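The images in this section are referenced three ways: with a fixed tag (`nginx:1.14.0`), with `:latest` (which resolved to nginx 1.23.3 at the time of this run), and with no tag at all (`hnginx`). A revision that records `:latest` or an untagged image pulls whatever the registry serves under that name when the pod starts, so the same revision number is not guaranteed to give the same image on a later rollback. The check below is an added example, not part of the original post, that classifies the `image:` lines of a manifest; the function names and the digest-pinned sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# classify_image REF -> digest | latest | untagged | tagged
classify_image() {
    ref=$1
    case $ref in
        *@sha256:*) echo digest; return 0 ;;
    esac
    # Drop everything up to the last "/", so the ":5000" registry port is
    # never mistaken for a tag.
    name=${ref##*/}
    case $name in
        *:latest) echo latest ;;
        *:*)      echo tagged ;;
        *)        echo untagged ;;   # resolved as :latest at pull time
    esac
}

# Read manifest YAML on stdin; print "<class><TAB><image>" per image: line.
audit_manifest() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*\([^[:space:]#]*\).*/\1/p' |
    tr -d "\"'" |
    while IFS= read -r ref; do
        printf '%s\t%s\n' "$(classify_image "$ref")" "$ref"
    done
}

# Image lines as used on this page, plus one constructed digest-pinned entry.
sample_manifest() {
    cat <<'EOF'
containers:
  - name: test-container
    image: 192.168.0.195:5000/nginx:latest
  - name: cordon
    image: 192.168.0.195:5000/hnginx
  - image: 192.168.0.195:5000/nginx:1.14.0
    name: nginx
  - name: pinned
    image: 192.168.0.195:5000/nginx@sha256:<digest>
EOF
}

sample_manifest | audit_manifest
```

Lines reported as `latest` or `untagged` are the ones to replace with a fixed tag or a digest before relying on `kubectl rollout undo` to return to a known image.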

2. Deployment & Service

root@master:~# kubectl create deployment np-deploy --image=192.168.0.195:5000/hnginx

root@master:~# kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
np-deploy-6d7bfb7d97-57xs9   1/1     Running   0          8s

root@master:~# vi np-svc.yml

*****
apiVersion: v1
kind: Service
metadata:
  name: np-svc
spec:
  selector:
    app: np-deploy
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30000
  type: NodePort
*****
root@master:~# kubectl apply -f np-svc.yml 
service/np-svc created
root@master:~# kubectl get service
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        29h
np-svc       NodePort    10.110.210.139   <none>        80:30000/TCP   9s

root@master:~# curl 211.183.3.110:30000
np-deploy-6d7bfb7d97-57xs9
root@master:~# curl 211.183.3.120:30000
np-deploy-6d7bfb7d97-57xs9


Verify load balancing

root@master:~# kubectl scale deploy np-deploy --replicas=3
deployment.apps/np-deploy scaled
root@master:~# curl 211.183.3.120:30000
np-deploy-6d7bfb7d97-57xs9
root@master:~# curl 211.183.3.120:30000
np-deploy-6d7bfb7d97-p22sw

Exercise

Connect pods that have the label np-test through a service named np-test-svc on a NodePort (:30001)

root@master:~# vi np-test.yml
*****

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: np-test
  name: np-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: np-test
  template:
    metadata:
      labels:
        app: np-test
    spec:
      containers:
      - image: 192.168.0.195:5000/nginx:1.14.0
        name: np-test


*****
root@master:~# kubectl apply -f np-test.yml 

root@master:~# vi np-test-service.yml 

*****
apiVersion: v1
kind: Service
metadata:
  name: np-test-service
spec:
  selector:
    app: np-test
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30001
  type: NodePort


*****
root@master:~# kubectl apply -f np-test-service.yml 
root@master:~# kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
np-deploy-6d7bfb7d97-57xs9   1/1     Running   0          60m
np-deploy-6d7bfb7d97-lph55   1/1     Running   0          21m
np-deploy-6d7bfb7d97-p22sw   1/1     Running   0          21m
np-test-bcdd96867-rsshs      1/1     Running   0          12s

root@master:~# kubectl set image deploy np-test np-test=192.168.0.195:5000/hnginx
root@master:~# kubectl scale deploy np-test --replicas=3

root@master:~# curl 211.183.3.110:30001
np-test-bcdd96867-9z65r
root@master:~# curl 211.183.3.110:30001
np-test-bcdd96867-rsshs
root@master:~# curl 211.183.3.110:30001
np-test-bcdd96867-rsshs
root@master:~# curl 211.183.3.110:30001
np-test-bcdd96867-rsshs
root@master:~# curl 211.183.3.110:30001
np-test-bcdd96867-mhblw
root@master:~# curl 211.183.3.110:30001
np-test-bcdd96867-mhblw
