Post outline
Kubernetes architecture
Master Node
kube-apiserver
- Component that exposes the Kubernetes API; receives instructions from kubectl to manipulate resources
- front-end of cluster's shared state
- Master for the cluster
- All components work through it
- Validates and configures data for API objects
- Services REST operations
- Only component to connect to etcd database
kube-scheduler
- Monitors nodes and selects a suitable node for each Pod
- Uses algorithm to determine Pod placement
- Checks quota restrictions
- Custom scheduling policies possible
- Affinity rules to place pods on specific nodes
- Taints can be used to repel pods
- Pod bindings can force particular scheduling
- https://github.com/kubernetes/kubernetes/blob/master/pkg/scheduler/scheduler.go
etcd database
- Highly available distributed key-value store; the cluster's backing store
- Multiversion persistent b+tree key-value store
- Append only, regular compaction (writes are appended rather than updated in place)
- Shed oldest version of superseded data
- Works with curl and other HTTP libraries
- Provides reliable watch queries
- Distributed consensus protocol for leadership (run three or more nodes)
kube-controller-manager
- Runs the controllers that manage resources; similar in concept to an agent
- Daemon which embeds core control-loops
- Watches state of cluster
- Works to make current state match desired state
cloud-controller-manager (ccm)
- Interacts with outside cloud managers
- Allows features to be developed outside of core release cycle
- Each kubelet must be started with the --cloud-provider=external option
- Handles tasks once part of kube-controller-manager
Add-ons
- DNS
- Dashboard - Web UI
- Cluster-level resource monitoring
- Cluster-level logging
Worker Nodes
kubelet
- default
- Agent on each node
- Uses PodSpec
- Mounts volumes to Pod
- Downloads secrets
- Passes request to local container engine
- Reports status of Pods and node to cluster
kube-proxy
- Runs as a Pod managed by a DaemonSet
Docker engine or rkt
Supervisord
- Monitors daemons and restarts them if they die
Fluentd
- Logging plugin
Services
- Connect Pods together
- Expose Pods to Internet (so they can be reached from outside the cluster)
- Decouple settings
- Define Pod access policy
- microservice
Controllers
- Watch based control loop monitoring delta
- Informer / SharedInformer
- Workqueue
- Shipped controllers
  - replication controller
  - endpoints controller
  - namespace controller
  - serviceaccounts controller
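As an added example (not code from Kubernetes or from the original post), here is the control loop described above in miniature: a toy replication controller that holds the informer's view of the cluster in a ClusterState, computes the delta between the desired replica count and the healthy Pods, and acts on it. The Pod and ClusterState types, the pod names and the "Running"/"Failed" phases are constructed assumptions for the demonstration.

```python
"""Toy replication controller: a watch-based control loop that compares the
observed cluster state with the desired state and acts on the delta.
Added example; not code from Kubernetes or the original post."""
from dataclasses import dataclass, field
import itertools


@dataclass
class Pod:
    name: str
    phase: str = "Running"  # "Running" or "Failed" (constructed phases)


@dataclass
class ClusterState:
    """Stand-in for what an informer would hand the controller (constructed)."""
    desired_replicas: int
    pods: list = field(default_factory=list)
    counter: itertools.count = field(default_factory=itertools.count)


def reconcile(state: ClusterState) -> list:
    """One pass of the control loop; returns the actions it took.

    Failed pods are deleted and do not count toward the replica count, so
    they are replaced on the same pass. A pass that returns no actions
    means the current state already matches the desired state.
    """
    actions = []
    for pod in [p for p in state.pods if p.phase != "Running"]:
        state.pods.remove(pod)
        actions.append(f"delete {pod.name} (phase={pod.phase})")

    delta = state.desired_replicas - len(state.pods)
    if delta > 0:
        for _ in range(delta):
            pod = Pod(name=f"pod-{next(state.counter)}")
            state.pods.append(pod)
            actions.append(f"create {pod.name}")
    elif delta < 0:
        # Scale down by removing the most recently created pods.
        for pod in list(state.pods[delta:]):
            state.pods.remove(pod)
            actions.append(f"delete {pod.name}")
    return actions


def run_until_stable(state: ClusterState, max_passes: int = 10) -> int:
    """Re-run reconcile, as a workqueue would requeue the object, until a
    pass makes no changes. Returns the number of passes used."""
    for passes in range(1, max_passes + 1):
        if not reconcile(state):
            return passes
    raise RuntimeError("controller did not converge")


if __name__ == "__main__":
    state = ClusterState(desired_replicas=3, pods=[Pod("pod-a")])
    print(reconcile(state))            # creates two pods
    state.pods[0].phase = "Failed"
    print(reconcile(state))            # replaces the failed pod
    state.desired_replicas = 1
    print(run_until_stable(state), [p.name for p in state.pods])
```

The point to notice is that the loop never trusts its own previous actions: each pass re-reads the state and recomputes the delta, which is what lets a real controller recover after a crash or a missed watch event.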
Pods
- One or more containers
  - main service container + sidecar container
- Containers that must be deployed together to stay consistent are grouped into one Pod
- Smallest unit to work with
- Only one, shared IP address per Pod
- One Pod, one container is recommended
Containers
- Not worked with directly
- Usage limit passed to container engine
Resources are defined in the container spec (see below; 1 core == 1,000m)
resources:
  limits:
    cpu: "1"
    memory: "4Gi"
  requests:
    cpu: "0.5"
    memory: "500Mi"
- ResourceQuota
- PriorityClass
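The kube-scheduler bullets above (quota checks, affinity rules, taints) and the resource spec just shown can be tied together in one small filtering simulation. The following Python is an added example, not kube-scheduler code or anything from the original post: it parses Kubernetes quantities (so 1 core == 1,000m), sums a Pod's requests, then applies three predicates (resource fit, NoSchedule taints, nodeSelector) over constructed nodes. The node names, allocatable values, labels and taints are constructed assumptions, and only the filtering phase is modelled, not scoring.

```python
"""Toy scheduler filtering: resource fit, taints and a node selector.
Added example; not the kube-scheduler's code. Node data is constructed."""
import re

# Binary and decimal suffixes accepted by Kubernetes quantities.
_MULT = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
         "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}


def parse_quantity(q) -> float:
    """Parse "1", "0.5", "500m", "4Gi", ... CPU comes back in cores
    (so "1000m" == 1.0) and memory in bytes."""
    m = re.fullmatch(r"([0-9]*\.?[0-9]+)([A-Za-z]*)", str(q).strip())
    if not m:
        raise ValueError(f"bad quantity: {q!r}")
    number, suffix = float(m.group(1)), m.group(2)
    if suffix == "m":                # milli: 1 core == 1,000m
        return number / 1000
    if suffix not in _MULT:
        raise ValueError(f"unknown suffix in {q!r}")
    return number * _MULT[suffix]


def pod_requests(pod: dict) -> dict:
    """Sum CPU/memory requests over containers. A resource with a limit but
    no request has its request defaulted to the limit, as the API server does."""
    total = {"cpu": 0.0, "memory": 0.0}
    for c in pod["spec"].get("containers", []):
        res = c.get("resources", {})
        req, lim = res.get("requests", {}), res.get("limits", {})
        for k in total:
            value = req.get(k, lim.get(k))
            if value is not None:
                total[k] += parse_quantity(value)
    return total


def fits_resources(pod: dict, node: dict) -> bool:
    """Requests plus what the node already uses must fit in allocatable."""
    req = pod_requests(pod)
    used = node.get("used", {})
    return all(req[k] + parse_quantity(used.get(k, 0))
               <= parse_quantity(node["allocatable"][k]) for k in req)


def tolerates_taints(pod: dict, node: dict) -> bool:
    """A NoSchedule taint repels the pod unless a toleration matches it."""
    tolerations = pod["spec"].get("tolerations", [])
    for taint in node.get("taints", []):
        if taint.get("effect") != "NoSchedule":
            continue  # NoExecute / PreferNoSchedule are not modelled here
        matched = any(
            t.get("key") == taint["key"]
            and (t.get("operator") == "Exists" or t.get("value") == taint.get("value"))
            for t in tolerations)
        if not matched:
            return False
    return True


def matches_selector(pod: dict, node: dict) -> bool:
    """nodeSelector: every requested label must be present with that value."""
    labels = node.get("labels", {})
    selector = pod["spec"].get("nodeSelector", {})
    return all(labels.get(k) == v for k, v in selector.items())


PREDICATES = [("resources", fits_resources),
              ("taints", tolerates_taints),
              ("nodeSelector", matches_selector)]


def failed_predicates(pod: dict, node: dict) -> list:
    """Names of the predicates this node fails (empty list = feasible)."""
    return [name for name, check in PREDICATES if not check(pod, node)]


def feasible_nodes(pod: dict, nodes: list) -> list:
    """Filtering phase only: nodes that pass every predicate."""
    return [n["name"] for n in nodes if not failed_predicates(pod, n)]


# The container spec from the post as it looks after YAML loading, plus a
# constructed nodeSelector.
POD = {"spec": {
    "nodeSelector": {"disktype": "ssd"},
    "containers": [{"name": "app", "resources": {
        "limits": {"cpu": "1", "memory": "4Gi"},
        "requests": {"cpu": "0.5", "memory": "500Mi"}}}]}}

# Constructed nodes: only node-a should pass all three predicates.
NODES = [
    {"name": "node-a", "allocatable": {"cpu": "2", "memory": "8Gi"},
     "used": {"cpu": "1", "memory": "1Gi"}, "labels": {"disktype": "ssd"}},
    {"name": "node-b", "allocatable": {"cpu": "250m", "memory": "8Gi"},
     "labels": {"disktype": "ssd"}},
    {"name": "node-c", "allocatable": {"cpu": "4", "memory": "16Gi"},
     "labels": {"disktype": "ssd"},
     "taints": [{"key": "dedicated", "value": "gpu", "effect": "NoSchedule"}]},
    {"name": "node-d", "allocatable": {"cpu": "4", "memory": "16Gi"},
     "labels": {"disktype": "hdd"}},
]

if __name__ == "__main__":
    for node in NODES:
        print(node["name"], failed_predicates(POD, node) or "feasible")
```

A Pod that declares no requests sums to zero here and would fit any node in this model; that is the gap a namespace ResourceQuota (the bullet above) is meant to close, by requiring requests before a Pod is admitted.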
Init Containers
- Container that performs setup work before the app container starts
- Block app containers until precondition met
- Can contain code or utilities not in an app
- Independent security from app container (the initContainers setting in the example below sleeps until /db/dir has been created.)
spec:
  containers:
  - name: main-app
    image: databaseD
  initContainers:
  - name: wait-database
    image: busybox
    command: ['sh', '-c', 'until ls /db/dir ; do sleep 5; done; ']
Component Review
Node
- Created outside of cluster
- NodeStatus
- NodeLease
- Windows nodes can also join the cluster as workers
Reference) Short hands-on exercises for CKA preparation
01. Installation and setup with kubeadm
02. Adding and configuring Kubernetes cluster nodes
03. Deploying a simple application, YAML templates, exposing a service
04. CPU and memory constraints for a deployment
05. Setting resource limits for a namespace
06. Deploying a more complex deployment
07. Basic node maintenance
08. API and access
09. API objects
10. Managing State with Deployments
11. Service Resource
12. Volumes and Data: a quick ConfigMap test
13. Creating a PV and a PVC
14. Using ResourceQuota (limiting PVC count and usage)
15. Quick Ingress exercise
16. Scheduling - assigning pods with labels
17. Scheduling - managing pod placement with taints
18. Logging and troubleshooting: log locations and viewing log output
19. Logging and troubleshooting: metrics and the dashboard
20. CRD (Custom Resource Definition)
21. Helm
22. Security - TLS
23. Security - Authentication, Authorization, Admission
24. HA (High Availability) configuration - master node