PoD 란?
PoD는 RHOCP에서 사용되는 가장 작은 배포 단위로, 하나 이상의 컨테이너로 구성된다.
여러 컨테이너가 동일한 호스트에서 함께 실행될 필요가 있는 경우, 하나의 PoD 내에서 여러 컨테이너를 실행한다.
동일한 네트워크 네임스페이스와 파일 시스템 네임스페이스를 공유하므로 컨테이너 간에 서로 통신하고 데이터를 공유할 수 있다.
- 네임스페이스란?
리눅스 시스템에서 프로세스의 가상화된 공간을 나타내는데 사용되는 개념으로,
여러 가상화 환경을 독립적으로 운영하기 위해 사용된다.
- 리소스를 분리하여 자원을 격리된 환경에서 사용한다.
- 네임스페이스로 분리함으로써, 다른 컨테이너의 데이터나 프로세스에 접근할 수 없도록 보안을 강화한다.
- 동일한 이름을 가진 자원의 공유를 방지할 수 있다.
일반적으로 관련된 컨테이너를 묶어 배포 및 관리하기 위해 사용된다.
예를 들어, 웹 애플리케이션을 배포할 때 웹 서버 컨테이너와 DB 컨테이너를 하나의 PoD 에 묶어 관리한다.
1. 내부 NAT 네트워크 생성 및 확인
이전 포스트에서 미리 생성해둔 Mariadb 컨테이너를 활용하여 3개의 컨테이너를 한 개의 PoD 안에 구성한다.
[root@jh-container-rocky86 ~]# podman network create --driver bridge --subnet 100.100.100.0/24 --gateway 100.100.100.1 new-pod-network
new-pod-network
[root@jh-container-rocky86 ~]# podman network inspect --format json new-pod-network [
{
"name": "new-pod-network",
"id": "4e8902f80f67a0fdc9c2b36bc4bb05a01ec670da2df880d6505a896e9c114794",
"driver": "bridge",
"network_interface": "cni-podman1",
"created": "2024-02-15T09:14:04.557863987+09:00",
"subnets": [
{
"subnet": "100.100.100.0/24",
"gateway": "100.100.100.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": false,
"ipam_options": {
"driver": "host-local"
}
}
]2. PoD 생성
[root@jh-container-rocky86 ~]# podman pod create --network new-pod-network --name new-pod
9c261ee9e125bb26ce699e4f272484eb2fb74dfb30cb434456e9d57d28efc2e7
[root@jh-container-rocky86 ~]# podman pod ls
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
9c261ee9e125 new-pod Created 2 seconds ago 98ec49566f8a 13. PoD 내부에 컨테이너 생성 및 확인
[root@jh-container-rocky86 ~]# podman run -itd --pod new-pod --network new-pod-network -p 13306:3306 -e MYSQL_ROOT_PASSWORD=1234 --restart always --name new-pod-mariadb01 mariadb:latest
63c277a95ee3df58e2b013e3180274a75248aa4019e1b73b1d8ff6b86606fa53
[root@jh-container-rocky86 ~]# podman run -itd --pod new-pod --network new-pod-network -p 23306:3306 -e MYSQL_ROOT_PASSWORD=1234 --restart always --name new-pod-mariadb02 mariadb:latest
f2baa96f7defbfb49bb611ec05fd499b55eef91a25c6edc1c19e86d99bf4fe15
[root@jh-container-rocky86 ~]# podman run -itd --pod new-pod --network new-pod-network -p 33306:3306 -e MYSQL_ROOT_PASSWORD=1234 --restart always --name new-pod-mariadb03 mariadb:latest
f8adb93e4441374dd52c3814f282d47e244d4e9f2ff6bfb9f060109b9f9ee81b
[root@jh-container-rocky86 ~]# netstat -antp | grep 3306
tcp 0 0 0.0.0.0:23306 0.0.0.0:* LISTEN 56235/conmon
tcp 0 0 0.0.0.0:33306 0.0.0.0:* LISTEN 56534/conmon
tcp 0 0 0.0.0.0:13306 0.0.0.0:* LISTEN 56004/conmon
[root@jh-container-rocky86 ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
98ec49566f8a localhost/podman-pause:4.0.2-1652198573 About an hour ago Up About an hour ago 9c261ee9e125-infra
63c277a95ee3 docker.io/library/mariadb:latest mariadbd About an hour ago Up About an hour ago 0.0.0.0:13306->3306/tcp new-pod-mariadb01
f2baa96f7def docker.io/library/mariadb:latest mariadbd About an hour ago Up About an hour ago 0.0.0.0:23306->3306/tcp new-pod-mariadb02
f8adb93e4441 docker.io/library/mariadb:latest mariadbd About an hour ago Up About an hour ago 0.0.0.0:33306->3306/tcp new-pod-mariadb03
[root@jh-container-rocky86 ~]# podman pod ps
POD ID NAME STATUS CREATED INFRA ID # OF CONTAINERS
9c261ee9e125 new-pod Running About an hour ago 98ec49566f8a 4
[root@jh-container-rocky86 ~]# podman ps --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
98ec49566f8a localhost/podman-pause:4.0.2-1652198573 About an hour ago Up About an hour ago 9c261ee9e125-infra 9c261ee9e125 new-pod
63c277a95ee3 docker.io/library/mariadb:latest mariadbd About an hour ago Up About an hour ago 0.0.0.0:13306->3306/tcp new-pod-mariadb01 9c261ee9e125 new-pod
f2baa96f7def docker.io/library/mariadb:latest mariadbd About an hour ago Up About an hour ago 0.0.0.0:23306->3306/tcp new-pod-mariadb02 9c261ee9e125 new-pod
f8adb93e4441 docker.io/library/mariadb:latest mariadbd About an hour ago Up About an hour ago 0.0.0.0:33306->3306/tcp new-pod-mariadb03 9c261ee9e125 new-pod4. 접속 확인
다른 서버에서 접속이 가능한지 확인한다.
[root@jh-up-test-rhel84 ~]# mysql -uroot -p -h 10.65.121.86 -P 13306
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 11.2.2-MariaDB-1:11.2.2+maria~ubu2204 mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> Bye
[root@jh-up-test-rhel84 ~]# mysql -uroot -p -h 10.65.121.86 -P 23306
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 11.2.2-MariaDB-1:11.2.2+maria~ubu2204 mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> Bye
[root@jh-up-test-rhel84 ~]# mysql -uroot -p -h 10.65.121.86 -P 33306
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 11.2.2-MariaDB-1:11.2.2+maria~ubu2204 mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> Bye5. 컨테이너 중지
- 테스트를 위해 PoD 내 1번 DB를 중지한다.
[root@jh-container-rocky86 ~]# podman ps --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
98ec49566f8a localhost/podman-pause:4.0.2-1652198573 23 hours ago Up 23 hours ago 9c261ee9e125-infra 9c261ee9e125 new-pod
63c277a95ee3 docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:13306->3306/tcp new-pod-mariadb01 9c261ee9e125 new-pod
f2baa96f7def docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:23306->3306/tcp new-pod-mariadb02 9c261ee9e125 new-pod
f8adb93e4441 docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:33306->3306/tcp new-pod-mariadb03 9c261ee9e125 new-pod
[root@jh-container-rocky86 ~]# podman stop new-pod-mariadb01
new-pod-mariadb01
[root@jh-container-rocky86 ~]# podman ps --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
98ec49566f8a localhost/podman-pause:4.0.2-1652198573 23 hours ago Up 23 hours ago 9c261ee9e125-infra 9c261ee9e125 new-pod
f2baa96f7def docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:23306->3306/tcp new-pod-mariadb02 9c261ee9e125 new-pod
f8adb93e4441 docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:33306->3306/tcp new-pod-mariadb03 9c261ee9e125 new-pod- 다른 서버에서 접속을 확인한다.
컨테이너가 중지된 상태이므로 접속이 안되는 것을 확인할 수 있다.
[root@jh-up-test-rhel84 ~]# mysql -uroot -p -h 10.65.121.86 -P 13306
Enter password:
ERROR 2002 (HY000): Can't connect to MySQL server on '10.65.121.86' (115)- DB 1번을 다시 시작한 후 다른 서버에서 접속을 확인한다.
[root@jh-container-rocky86 ~]# podman start new-pod-mariadb01
new-pod-mariadb01
[root@jh-container-rocky86 ~]# podman ps --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
98ec49566f8a localhost/podman-pause:4.0.2-1652198573 23 hours ago Up 23 hours ago 9c261ee9e125-infra 9c261ee9e125 new-pod
63c277a95ee3 docker.io/library/mariadb:latest mariadbd 23 hours ago Up 3 seconds ago 0.0.0.0:13306->3306/tcp new-pod-mariadb01 9c261ee9e125 new-pod
f2baa96f7def docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:23306->3306/tcp new-pod-mariadb02 9c261ee9e125 new-pod
f8adb93e4441 docker.io/library/mariadb:latest mariadbd 23 hours ago Up 23 hours ago 0.0.0.0:33306->3306/tcp new-pod-mariadb03 9c261ee9e125 new-pod
[root@jh-up-test-rhel84 ~]# mysql -uroot -p -h 10.65.121.86 -P 13306
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 11.2.2-MariaDB-1:11.2.2+maria~ubu2204 mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> 
Linux/Cluster/Infra Engineer