Today I Learn - 48

Kubernetes

Service

파드 집합에서 실행중인 애플리케이션을 네트워크 서비스로 노출하는 추상화 방법. 쿠버네티스를 사용하면 익숙하지 않은 서비스 디스커버리 메커니즘을 사용하기 위해 애플리케이션을 수정할 필요가 없다. 쿠버네티스는 파드에게 고유한 IP 주소와 파드 집합에 대한 단일 DNS 명을 부여하고, 그것들 간에 로드-밸런스를 수행할 수 있다.

Round-Robin형

ReplicationControllers

apiVersion: v1
kind: ReplicationControllers
metadata:
  name: myweb-rc
  labels:
    app: myweb
spec:
  replicas: 3
  selector:
    app: myweb
    tier: frontend
  template:
    metadata:
      labels:
        app: myweb
        tier: frontend
        team: devops
    spec:
      containers:
      - name: myweb
        image: ghcr.io/c1t1d0s7/go-myweb

---

ReplicaSets

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myweb-rs
  labels:
    app: myweb
spec:
  replicas: 3
  selector:
    matchLabels: 
      app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: ghcr.io/c1t1d0s7/go-myweb

• .spec.selector.matchLabels: 일치성

• .spec.selector.matchExpressions: 집합성

  • key: 키
  • operator: In, NotIn, Exists, DoesNotExist
  • values: 값

apiVersion: apps/v1
kind: ReplicaSet
metadata: 
  name: myapp-rs2
  labels:
    app: myapp
spec:
  replicas: 2
  selector:
    matchExpressions:
    - key: app
      operator: In
      values: 
      - myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: ghcr.io/c1t1d0s7/go-myweb
        ports:
        - containerPort: 8080
          protocol: TCP

---

Kubernetes 오브젝트 관리

• Imperative: 절차, 명령형
  • kubectl create
  • kubectl delete
  • kubectl run
  • kubectl edit
  • kubectl replace
  • kubectl patch rs myapp-rs1 -p '{"spec": {"replicas":1}}'
• Declarative: 선언형
  • kubectl apply

---

DaemonSets

각 노드마다 하나씩의 파드를 배치

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: myweb-ds
  labels:
    app: myweb
spec:
  selector:
    matchLabels:
      app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: ghcr.io/c1t1d0s7/go-myweb
        ports:
        - containerPort: 8080

일부 노드에 배치:

• .spec.template.spec.nodeSelector

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: myweb-ds
  labels:
    app: myweb
spec:
  selector:
    matchLabels:
      app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      nodeSelector:
        test: worker
      containers:
      - name: myweb
        image: ghcr.io/c1t1d0s7/go-myweb
        ports:
        - containerPort: 8080

---

Jobs

apiVersion: batch/v1
kind: Job
metadata: 
  name: myweb-job
spec:
  completions: 4
  parallelism: 2
  template:
    spec:
      restartPolicy: OnFailure
      containers:
      - name: sixty
        image: busybox
        command: ["sleep", "20"]

• .spec.template.spec.restartPolicy: 컨테이너의 재시작 정책
  • Always (기본값) - Job 리소스에서는 허용되지 않음
  • OnFailure
  • Never

---

CronJobs

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: myapp-cj
spec:
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - name: sixty
            image: busybox
            command: ["sleep","20"]
  schedule: "* * * * *"

• .spec.successfulJobsHistoryLimit: 성공한 작업(파드) 히스토리 개수(기본 3)
• .spec.failedJobsHistoryLimit: 실패한 작업(파드) 히스토리 개수(기본 1)

---

Service

apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  selector:
    app: myapp
  ports:
    - protocol: TCP
      port: 80 # 서비스 포트
      targetPort: 8080 # Pod의 노출 포트

kubectl run test -it --image ghcr.io/c1t1d0s7/network-multitool --rm

> host myapp-svc.default.svc.cluster.local
> host myapp-svc.default.svc
> host myapp-svc.default
> host myapp-svc

FQDN

<SVC_NAME>.<NAMESPACE>.<RESOURCE_TYPE>.<DOMAIN>

• RESOURCE_TYPE: svc
• DOMAIN: cluster.local

---

숙제?

DB: RC,RS,DS,Job,CJ X

MySQL: Pod

MySQL: SVC

Client: Pod (mysql -h -u -p)

---

04-26

Relicaset, DaemonSet, Job, CronJob

Service

04-27

Service, ingress / storage

04-28

custom, deployment, statefuleset