IT/Kubernetes / 2020. 1. 30.

[kubernetes-practice] Deploying a more complex deployment


    We deploy an application using the microservices demo.

    Download the related YAML file.

    https://raw.githubusercontent.com/microservices-demo/microservices-demo/master/deploy/kubernetes/complete-demo.yaml

    ps0107@k8smaster1:~$ wget https://raw.githubusercontent.com/microservices-demo/microservices-demo/master/deploy/kubernetes/complete-demo.yaml -O complete-demo.yaml

     

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: carts-db
      labels:
        name: carts-db
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: carts-db
        spec:
          containers:
          - name: carts-db
            image: mongo
            ports:
            - name: mongo
              containerPort: 27017
            securityContext:
              capabilities:
                drop:
                  - all
                add:
                  - CHOWN
                  - SETGID
                  - SETUID
              readOnlyRootFilesystem: true
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          volumes:
            - name: tmp-volume
              emptyDir:
                medium: Memory
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: carts-db
      labels:
        name: carts-db
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 27017
        targetPort: 27017
      selector:
        name: carts-db
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: carts
      labels:
        name: carts
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: carts
        spec:
          containers:
          - name: carts
            image: weaveworksdemos/carts:0.4.8
            ports:
             - containerPort: 80
            env:
             - name: ZIPKIN
               value: zipkin.jaeger.svc.cluster.local
             - name: JAVA_OPTS
               value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
                add:
                  - NET_BIND_SERVICE
              readOnlyRootFilesystem: true
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          volumes:
            - name: tmp-volume
              emptyDir:
                medium: Memory
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: carts
      labels:
        name: carts
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: carts
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: catalogue-db
      labels:
        name: catalogue-db
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: catalogue-db
        spec:
          containers:
          - name: catalogue-db
            image: weaveworksdemos/catalogue-db:0.3.0
            env:
              - name: MYSQL_ROOT_PASSWORD
                value: fake_password
              - name: MYSQL_DATABASE
                value: socksdb
            ports:
            - name: mysql
              containerPort: 3306
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: catalogue-db
      labels:
        name: catalogue-db
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 3306
        targetPort: 3306
      selector:
        name: catalogue-db
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: catalogue
      labels:
        name: catalogue
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: catalogue
        spec:
          containers:
          - name: catalogue
            image: weaveworksdemos/catalogue:0.3.5
            ports:
            - containerPort: 80
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
                add:
                  - NET_BIND_SERVICE
              readOnlyRootFilesystem: true
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: catalogue
      labels:
        name: catalogue
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: catalogue
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: front-end
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: front-end
        spec:
          containers:
          - name: front-end
            image: weaveworksdemos/front-end:0.3.12
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 8079
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
              readOnlyRootFilesystem: true
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: front-end
      labels:
        name: front-end
      namespace: sock-shop
    spec:
      type: NodePort
      ports:
      - port: 80
        targetPort: 8079
        nodePort: 30001
      selector:
        name: front-end
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: orders-db
      labels:
        name: orders-db
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: orders-db
        spec:
          containers:
          - name: orders-db
            image: mongo
            ports:
            - name: mongo
              containerPort: 27017
            securityContext:
              capabilities:
                drop:
                  - all
                add:
                  - CHOWN
                  - SETGID
                  - SETUID
              readOnlyRootFilesystem: true
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          volumes:
            - name: tmp-volume
              emptyDir:
                medium: Memory
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: orders-db
      labels:
        name: orders-db
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 27017
        targetPort: 27017
      selector:
        name: orders-db
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: orders
      labels:
        name: orders
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: orders
        spec:
          containers:
          - name: orders
            image: weaveworksdemos/orders:0.4.7
            env:
             - name: ZIPKIN
               value: zipkin.jaeger.svc.cluster.local
             - name: JAVA_OPTS
               value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
            ports:
            - containerPort: 80
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
                add:
                  - NET_BIND_SERVICE
              readOnlyRootFilesystem: true
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          volumes:
            - name: tmp-volume
              emptyDir:
                medium: Memory
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: orders
      labels:
        name: orders
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: orders
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: payment
      labels:
        name: payment
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: payment
        spec:
          containers:
          - name: payment
            image: weaveworksdemos/payment:0.4.3
            ports:
            - containerPort: 80
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
                add:
                  - NET_BIND_SERVICE
              readOnlyRootFilesystem: true
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: payment
      labels:
        name: payment
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: payment
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: queue-master
      labels:
        name: queue-master
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: queue-master
        spec:
          containers:
          - name: queue-master
            image: weaveworksdemos/queue-master:0.3.1
            ports:
            - containerPort: 80
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: queue-master
      labels:
        name: queue-master
      annotations:
        prometheus.io/path: "/prometheus"
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: queue-master
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: rabbitmq
      labels:
        name: rabbitmq
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: rabbitmq
        spec:
          containers:
          - name: rabbitmq
            image: rabbitmq:3.6.8
            ports:
            - containerPort: 5672
            securityContext:
              capabilities:
                drop:
                  - all
                add:
                  - CHOWN
                  - SETGID
                  - SETUID
                  - DAC_OVERRIDE
              readOnlyRootFilesystem: true
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: rabbitmq
      labels:
        name: rabbitmq
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 5672
        targetPort: 5672
      selector:
        name: rabbitmq
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: shipping
      labels:
        name: shipping
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: shipping
        spec:
          containers:
          - name: shipping
            image: weaveworksdemos/shipping:0.4.8
            env:
             - name: ZIPKIN
               value: zipkin.jaeger.svc.cluster.local
             - name: JAVA_OPTS
               value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
            ports:
            - containerPort: 80
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
                add:
                  - NET_BIND_SERVICE
              readOnlyRootFilesystem: true
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          volumes:
            - name: tmp-volume
              emptyDir:
                medium: Memory
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: shipping
      labels:
        name: shipping
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: shipping
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: user-db
      labels:
        name: user-db
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: user-db
        spec:
          containers:
          - name: user-db
            image: weaveworksdemos/user-db:0.4.0
            ports:
            - name: mongo
              containerPort: 27017
            securityContext:
              capabilities:
                drop:
                  - all
                add:
                  - CHOWN
                  - SETGID
                  - SETUID
              readOnlyRootFilesystem: true
            volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          volumes:
            - name: tmp-volume
              emptyDir:
                medium: Memory
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: user-db
      labels:
        name: user-db
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 27017
        targetPort: 27017
      selector:
        name: user-db
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: user
      labels:
        name: user
      namespace: sock-shop
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            name: user
        spec:
          containers:
          - name: user
            image: weaveworksdemos/user:0.4.7
            ports:
            - containerPort: 80
            env:
            - name: MONGO_HOST
              value: user-db:27017
            securityContext:
              runAsNonRoot: true
              runAsUser: 10001
              capabilities:
                drop:
                  - all
                add:
                  - NET_BIND_SERVICE
              readOnlyRootFilesystem: true
          nodeSelector:
            beta.kubernetes.io/os: linux
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: user
      labels:
        name: user
      namespace: sock-shop
    spec:
      ports:
        # the port that this service should serve on
      - port: 80
        targetPort: 80
      selector:
        name: user

     

     

     

    First, look up the namespace used in the file so that it can be created.

    ps0107@k8smaster1:~$ grep namespace complete-demo.yaml
    namespace: sock-shop
    .....

     

    Create the namespace (sock-shop)

    ps0107@k8smaster1:~$ kubectl create namespace sock-shop
    namespace/sock-shop created

     

    Verify the created namespace

    ps0107@k8smaster1:~$ kubectl get namespaces 
    NAME              STATUS   AGE
    default           Active   41h
    kube-node-lease   Active   41h
    kube-public       Active   41h
    kube-system       Active   41h
    sock-shop         Active   4s

     

    Check which images the manifest uses.

    ps0107@k8smaster1:~$ grep image complete-demo.yaml
    image: mongo
    image: weaveworksdemos/carts:0.4.8
    image: weaveworksdemos/catalogue-db:0.3.0
    image: weaveworksdemos/catalogue:0.3.5
    image: weaveworksdemos/front-end:0.3.12 
    image: mongo
    image: weaveworksdemos/orders:0.4.7
    image: weaveworksdemos/payment:0.4.3
    image: weaveworksdemos/queue-master:0.3.1
    image: rabbitmq:3.6.8
    image: weaveworksdemos/shipping:0.4.8
    image: weaveworksdemos/user-db:0.4.0
    image: weaveworksdemos/user:0.4.7
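
The `grep image` listing above shows only image names. As an added example (not part of the original post or of the microservices-demo project), this sketch scans Deployment documents from the same manifest for floating image tags, missing `securityContext` hardening and literal passwords in `env`. The function name `audit`, the finding strings and the abridged excerpt are assumptions for illustration; the scan is a line-based heuristic that assumes one container per Deployment, as in this manifest.

```python
import re

# Abridged excerpt of three Deployments from the page's complete-demo.yaml,
# cut down to the fields the audit reads.
SAMPLE = """\
kind: Deployment
metadata:
  name: carts-db
spec:
  template:
    spec:
      containers:
      - name: carts-db
        image: mongo
        securityContext:
          capabilities:
            drop:
              - all
          readOnlyRootFilesystem: true
---
kind: Deployment
metadata:
  name: carts
spec:
  template:
    spec:
      containers:
      - name: carts
        image: weaveworksdemos/carts:0.4.8
        securityContext:
          runAsNonRoot: true
          capabilities:
            drop:
              - all
          readOnlyRootFilesystem: true
---
kind: Deployment
metadata:
  name: catalogue-db
spec:
  template:
    spec:
      containers:
      - name: catalogue-db
        image: weaveworksdemos/catalogue-db:0.3.0
        env:
          - name: MYSQL_ROOT_PASSWORD
            value: fake_password
"""

def audit(manifest):
    """Return {deployment name: [findings]} from a heuristic line scan."""
    report = {}
    for doc in re.split(r"(?m)^\s*---\s*$", manifest):
        if not re.search(r"(?m)^\s*kind:\s*Deployment\s*$", doc):
            continue  # Services and other kinds carry no pod spec
        name = re.search(r"(?m)^\s*name:\s*(\S+)", doc).group(1)  # metadata.name
        findings = []
        for image in re.findall(r"(?m)^\s*image:\s*(\S+)", doc):
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in image and tag in ("", "latest"):
                findings.append("floating image tag: " + image)
        if not re.search(r"runAsNonRoot:\s*true", doc):
            findings.append("runAsNonRoot not set")
        if not re.search(r"readOnlyRootFilesystem:\s*true", doc):
            findings.append("root filesystem writable")
        if not re.search(r"drop:\s*\n\s*-\s*(?i:all)\b", doc):
            findings.append("capabilities not dropped")
        # A literal "value:" right after a secret-looking env name; valueFrom is not matched.
        secret_env = r"-\s*name:\s*(\S*(?:PASSWORD|SECRET|TOKEN)\S*)\s*\n\s*value:"
        for env in re.findall(secret_env, doc):
            findings.append("literal secret in env: " + env)
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
```

To audit the downloaded file instead of the excerpt, pass `open("complete-demo.yaml").read()` to `audit`.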

     

    Create the objects from the YAML file

    ps0107@k8smaster1:~$ kubectl apply -n sock-shop -f complete-demo.yaml 
    deployment.extensions/carts-db created
    service/carts-db created
    deployment.extensions/carts created
    service/carts created
    deployment.extensions/catalogue-db created
    service/catalogue-db created
    deployment.extensions/catalogue created
    service/catalogue created
    deployment.extensions/front-end created
    service/front-end created
    deployment.extensions/orders-db created
    service/orders-db created
    deployment.extensions/orders created
    service/orders created
    deployment.extensions/payment created
    service/payment created
    deployment.extensions/queue-master created
    service/queue-master created
    deployment.extensions/rabbitmq created
    service/rabbitmq created
    deployment.extensions/shipping created
    service/shipping created
    deployment.extensions/user-db created
    service/user-db created
    deployment.extensions/user created
    service/user created

     

    Because this query runs against the default namespace, the pods we want are not listed.

    ps0107@k8smaster1:~$ kubectl get pods
    No resources found.

     

    Query the pods with the namespace specified (pods still in ContainerCreating because their images are downloading are also shown)

    ps0107@k8smaster1:~$ kubectl -n sock-shop get pods
    NAME                            READY   STATUS              RESTARTS   AGE
    carts-56c6fb966b-d26pm          0/1     ContainerCreating   0          26s
    carts-db-5678cc578f-rkjw2       1/1     Running             0          27s
    catalogue-644549d46f-6dm9l      0/1     ContainerCreating   0          26s
    catalogue-db-6ddc796b66-fz4rb   0/1     ContainerCreating   0          26s
    front-end-5594987df6-7z8bq      0/1     ContainerCreating   0          26s
    orders-749cdc8c9-28ck4          0/1     ContainerCreating   0          26s
    orders-db-5cfc68c4cf-m27dn      0/1     ContainerCreating   0          26s
    payment-54f55b96b9-gnr9j        0/1     ContainerCreating   0          26s
    queue-master-6fff667867-7qdvb   1/1     Running             0          26s
    rabbitmq-bdfd84d55-47jnq        0/1     ContainerCreating   0          26s
    shipping-78794fdb4f-btdf6       0/1     ContainerCreating   0          26s
    user-77cff48476-6xs4q           1/1     Running             0          25s
    user-db-99685d75b-vn4nb         0/1     ContainerCreating   0          25s

     

    All pods are now running normally

    ps0107@k8smaster1:~$ kubectl -n sock-shop get pods
    NAME                            READY   STATUS    RESTARTS   AGE
    carts-56c6fb966b-d26pm          1/1     Running   0          128m
    carts-db-5678cc578f-rkjw2       1/1     Running   0          128m
    catalogue-644549d46f-6dm9l      1/1     Running   0          128m
    catalogue-db-6ddc796b66-fz4rb   1/1     Running   0          128m
    front-end-5594987df6-7z8bq      1/1     Running   0          128m
    orders-749cdc8c9-28ck4          1/1     Running   0          128m
    orders-db-5cfc68c4cf-m27dn      1/1     Running   0          128m
    payment-54f55b96b9-gnr9j        1/1     Running   0          128m
    queue-master-6fff667867-7qdvb   1/1     Running   0          128m
    rabbitmq-bdfd84d55-47jnq        1/1     Running   0          128m
    shipping-78794fdb4f-btdf6       1/1     Running   0          128m
    user-77cff48476-6xs4q           1/1     Running   0          128m
    user-db-99685d75b-vn4nb         1/1     Running   0          128m

     

    Check the Service objects as well, and confirm that the NodePort is open

    ps0107@k8smaster1:~$ kubectl get svc -n sock-shop -o wide
    NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE    SELECTOR
    carts          ClusterIP   10.102.194.127   <none>        80/TCP         128m   name=carts
    carts-db       ClusterIP   10.97.167.191    <none>        27017/TCP      128m   name=carts-db
    catalogue      ClusterIP   10.99.201.219    <none>        80/TCP         128m   name=catalogue
    catalogue-db   ClusterIP   10.109.211.97    <none>        3306/TCP       128m   name=catalogue-db
    front-end      NodePort    10.103.52.241    <none>        80:30001/TCP   128m   name=front-end
    orders         ClusterIP   10.96.109.73     <none>        80/TCP         128m   name=orders
    orders-db      ClusterIP   10.98.40.151     <none>        27017/TCP      128m   name=orders-db
    payment        ClusterIP   10.111.222.131   <none>        80/TCP         128m   name=payment
    queue-master   ClusterIP   10.97.112.129    <none>        80/TCP         128m   name=queue-master
    rabbitmq       ClusterIP   10.99.108.228    <none>        5672/TCP       128m   name=rabbitmq
    shipping       ClusterIP   10.96.188.9      <none>        80/TCP         128m   name=shipping
    user           ClusterIP   10.105.20.37     <none>        80/TCP         128m   name=user
    user-db        ClusterIP   10.109.61.22     <none>        27017/TCP      128m   name=user-db

     

    Check the Docker containers as well

    ps0107@k8smaster1:~$ sudo docker ps
    CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS              PORTS               NAMES
    8b7e15d810f6        weaveworksdemos/user           "/user -port=80"         2 hours ago         Up 2 hours                              k8s_user_user-77cff48476-6xs4q_sock-shop_68776733-5d43-4a4d-9806-1e4ece7e7c0c_0
    37c63d58a542        weaveworksdemos/queue-master   "/usr/local/bin/java…"   2 hours ago         Up 2 hours                              k8s_queue-master_queue-master-6fff667867-7qdvb_sock-shop_02523db0-37ad-4a5b-a742-111723c28c32_0
    a591ac7e683f        k8s.gcr.io/pause:3.1           "/pause"                 2 hours ago         Up 2 hours                              k8s_POD_user-77cff48476-6xs4q_sock-shop_68776733-5d43-4a4d-9806-1e4ece7e7c0c_0
    64d2cf93e3bc        k8s.gcr.io/pause:3.1           "/pause"                 2 hours ago         Up 2 hours                              k8s_POD_queue-master-6fff667867-7qdvb_sock-shop_02523db0-37ad-4a5b-a742-111723c28c32_0
    5b255b61a93e        eb516548c180                   "/coredns -conf /etc…"   44 hours ago        Up 44 hours                             k8s_coredns_coredns-5c98db65d4-fvz2k_kube-system_a4208d56-10d2-4958-b345-01603d5aa57b_0
    df13b1015f61        k8s.gcr.io/pause:3.1           "/pause"                 44 hours ago        Up 44 hours                             k8s_POD_coredns-5c98db65d4-fvz2k_kube-system_a4208d56-10d2-4958-b345-01603d5aa57b_0
    ....

     

    Query the deployments as well.

    ps0107@k8smaster1:~$ kubectl get deployment --all-namespaces
    NAMESPACE     NAME           READY   UP-TO-DATE   AVAILABLE   AGE
    kube-system   calico-typha   0/0     0            0           43h
    kube-system   coredns        2/2     2            2           43h
    sock-shop     carts          1/1     1            1           129m
    sock-shop     carts-db       1/1     1            1           129m
    sock-shop     catalogue      1/1     1            1           129m
    sock-shop     catalogue-db   1/1     1            1           129m
    sock-shop     front-end      1/1     1            1           129m
    sock-shop     orders         1/1     1            1           129m
    sock-shop     orders-db      1/1     1            1           129m
    sock-shop     payment        1/1     1            1           129m
    sock-shop     queue-master   1/1     1            1           129m
    sock-shop     rabbitmq       1/1     1            1           129m
    sock-shop     shipping       1/1     1            1           129m
    sock-shop     user           1/1     1            1           129m
    sock-shop     user-db        1/1     1            1           129m

     

     

     


    Reference) Simple exercises for CKA preparation

    01. Installation and setup using kubeadm
    02. Expanding and configuring Kubernetes cluster nodes
    03. Deploying a simple application, YAML templates, and exposing a service
    04. CPU and memory constraints for a deployment
    05. Setting resource limits for a namespace
    06. Deploying a more complex deployment
    07. Basic node maintenance
    08. API AND ACCESS
    09. API objects
    10. Managing State with Deployments
    11. Service Resource
    12. Volumes and Data: a simple ConfigMap test
    13. Creating a PV and PVC
    14. Using ResourceQuota (limiting PVC count and usage)
    15. A simple ingress exercise
    16. Scheduling - assigning pods using labels
    17. Scheduling - managing pod placement with taints
    18. Logging and troubleshooting: log locations and viewing log output
    19. Logging and troubleshooting: Metrics and Dashboard
    20. CRD (Custom Resource Definition)
    21. helm
    22. Security - TLS
    23. Security - Authentication, Authorization, Admission
    24. HA (High Availability) configuration - master node

