[kubernetes-practice] Deploying a more complex deployment

We deploy a microservices demo application.

Download the YAML file for the demo.

https://raw.githubusercontent.com/microservices-demo/microservices-demo/master/deploy/kubernetes/complete-demo.yaml

ps0107@k8smaster1:~$ wget https://raw.githubusercontent.com/microservices-demo/microservices-demo/master/deploy/kubernetes/complete-demo.yaml -O complete-demo.yaml

 

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: carts-db
    spec:
      containers:
      - name: carts-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: carts-db
  labels:
    name: carts-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: carts-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: carts
  labels:
    name: carts
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: carts
    spec:
      containers:
      - name: carts
        image: weaveworksdemos/carts:0.4.8
        ports:
         - containerPort: 80
        env:
         - name: ZIPKIN
           value: zipkin.jaeger.svc.cluster.local
         - name: JAVA_OPTS
           value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: carts
  labels:
    name: carts
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: carts
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue-db
    spec:
      containers:
      - name: catalogue-db
        image: weaveworksdemos/catalogue-db:0.3.0
        env:
          - name: MYSQL_ROOT_PASSWORD
            value: fake_password
          - name: MYSQL_DATABASE
            value: socksdb
        ports:
        - name: mysql
          containerPort: 3306
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue-db
  labels:
    name: catalogue-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 3306
    targetPort: 3306
  selector:
    name: catalogue-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: catalogue
    spec:
      containers:
      - name: catalogue
        image: weaveworksdemos/catalogue:0.3.5
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: catalogue
  labels:
    name: catalogue
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: catalogue
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: front-end
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: front-end
    spec:
      containers:
      - name: front-end
        image: weaveworksdemos/front-end:0.3.12
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 8079
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: front-end
  labels:
    name: front-end
  namespace: sock-shop
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8079
    nodePort: 30001
  selector:
    name: front-end
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders-db
  labels:
    name: orders-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders-db
    spec:
      containers:
      - name: orders-db
        image: mongo
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: orders-db
  labels:
    name: orders-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: orders-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orders
  labels:
    name: orders
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: orders
    spec:
      containers:
      - name: orders
        image: weaveworksdemos/orders:0.4.7
        env:
         - name: ZIPKIN
           value: zipkin.jaeger.svc.cluster.local
         - name: JAVA_OPTS
           value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: orders
  labels:
    name: orders
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: orders
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: payment
    spec:
      containers:
      - name: payment
        image: weaveworksdemos/payment:0.4.3
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: payment
  labels:
    name: payment
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: payment
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: queue-master
  labels:
    name: queue-master
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: queue-master
    spec:
      containers:
      - name: queue-master
        image: weaveworksdemos/queue-master:0.3.1
        ports:
        - containerPort: 80
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: queue-master
  labels:
    name: queue-master
  annotations:
    prometheus.io/path: "/prometheus"
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: queue-master
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: rabbitmq
    spec:
      containers:
      - name: rabbitmq
        image: rabbitmq:3.6.8
        ports:
        - containerPort: 5672
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
              - DAC_OVERRIDE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  labels:
    name: rabbitmq
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 5672
    targetPort: 5672
  selector:
    name: rabbitmq
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: shipping
    spec:
      containers:
      - name: shipping
        image: weaveworksdemos/shipping:0.4.8
        env:
         - name: ZIPKIN
           value: zipkin.jaeger.svc.cluster.local
         - name: JAVA_OPTS
           value: -Xms64m -Xmx128m -XX:PermSize=32m -XX:MaxPermSize=64m -XX:+UseG1GC -Djava.security.egd=file:/dev/urandom
        ports:
        - containerPort: 80
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: shipping
  labels:
    name: shipping
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: shipping
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user-db
    spec:
      containers:
      - name: user-db
        image: weaveworksdemos/user-db:0.4.0
        ports:
        - name: mongo
          containerPort: 27017
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - CHOWN
              - SETGID
              - SETUID
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp
          name: tmp-volume
      volumes:
        - name: tmp-volume
          emptyDir:
            medium: Memory
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: user-db
  labels:
    name: user-db
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 27017
    targetPort: 27017
  selector:
    name: user-db
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: user
    spec:
      containers:
      - name: user
        image: weaveworksdemos/user:0.4.7
        ports:
        - containerPort: 80
        env:
        - name: MONGO_HOST
          value: user-db:27017
        securityContext:
          runAsNonRoot: true
          runAsUser: 10001
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
          readOnlyRootFilesystem: true
      nodeSelector:
        beta.kubernetes.io/os: linux
---
apiVersion: v1
kind: Service
metadata:
  name: user
  labels:
    name: user
  namespace: sock-shop
spec:
  ports:
    # the port that this service should serve on
  - port: 80
    targetPort: 80
  selector:
    name: user

 

 

 

First, look up the namespace used in the file so that it can be created.

ps0107@k8smaster1:~$ grep namespace complete-demo.yaml
namespace: sock-shop
.....

 

Create the namespace (sock-shop)

ps0107@k8smaster1:~$ kubectl create namespace sock-shop
namespace/sock-shop created

 

Check that the namespace was created

ps0107@k8smaster1:~$ kubectl get namespaces 
NAME              STATUS   AGE
default           Active   41h
kube-node-lease   Active   41h
kube-public       Active   41h
kube-system       Active   41h
sock-shop         Active   4s

 

Check which images the manifest uses.

ps0107@k8smaster1:~$ grep image complete-demo.yaml
image: mongo
image: weaveworksdemos/carts:0.4.8
image: weaveworksdemos/catalogue-db:0.3.0
image: weaveworksdemos/catalogue:0.3.5
image: weaveworksdemos/front-end:0.3.12 
image: mongo
image: weaveworksdemos/orders:0.4.7
image: weaveworksdemos/payment:0.4.3
image: weaveworksdemos/queue-master:0.3.1
image: rabbitmq:3.6.8
image: weaveworksdemos/shipping:0.4.8
image: weaveworksdemos/user-db:0.4.0
image: weaveworksdemos/user:0.4.7
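
The same pre-apply check can cover more than image names: untagged images, missing securityContext settings, literal credentials in env, and NodePort exposure. The script below is an added example, not part of the original post or of kubectl; `audit_manifest` and `sample_manifest` are hypothetical names, and it assumes one container per Deployment, as in complete-demo.yaml.

```shell
# Added example: audit_manifest is a hypothetical helper, not a kubectl feature.
# Assumes one container per Deployment. Usage: sh audit.sh complete-demo.yaml
audit_manifest() {
  awk '
    function flush(   n, parts) {
      if (kind == "Deployment") {
        n = split(image, parts, "/")   # look for a tag on the last path part
        if (image != "" && parts[n] !~ /[:@]/) print name ": image " image " has no tag or digest"
        if (!secctx) print name ": no securityContext"
        if (secctx && !nonroot) print name ": runAsNonRoot not set"
        if (secctx && !rofs) print name ": readOnlyRootFilesystem not set"
        if (secret != "") print name ": plaintext value for env " secret
      }
      if (kind == "Service" && nodeport != "") print name ": NodePort " nodeport " reachable on every node"
      kind = name = image = secret = pending = nodeport = ""; secctx = nonroot = rofs = 0
    }
    /^---/         { flush(); next }   # document separator
    /^kind:/       { kind = $2 }
    /^  name:/     { name = $2 }       # metadata.name only (2-space indent)
    /^ +image:/    { image = $2 }
    /^ +securityContext:/              { secctx = 1 }
    /^ +runAsNonRoot: *true/           { nonroot = 1 }
    /^ +readOnlyRootFilesystem: *true/ { rofs = 1 }
    /^ +nodePort:/ { nodeport = $2 }
    /^ +- name:/   { pending = ($3 ~ /PASSWORD|SECRET|TOKEN/) ? $3 : ""; next }
    /^ +value:/    { if (pending != "") secret = pending; pending = "" }
    END            { flush() }
  ' "$@"
}

# Constructed sample: three objects trimmed from the manifest on this page.
sample_manifest() {
  cat <<'EOF'
kind: Deployment
metadata:
  name: carts-db
spec:
  template:
    spec:
      containers:
      - name: carts-db
        image: mongo
        securityContext:
          readOnlyRootFilesystem: true
---
kind: Deployment
metadata:
  name: catalogue-db
spec:
  template:
    spec:
      containers:
      - name: catalogue-db
        image: weaveworksdemos/catalogue-db:0.3.0
        env:
          - name: MYSQL_ROOT_PASSWORD
            value: fake_password
---
kind: Service
metadata:
  name: front-end
spec:
  type: NodePort
  ports:
  - port: 80
    nodePort: 30001
EOF
}
if [ "$#" -gt 0 ]; then audit_manifest "$@"; else sample_manifest | audit_manifest; fi
```

Run against the full complete-demo.yaml, the same rules also flag queue-master (no securityContext) and the second untagged mongo image in orders-db.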

 

Create the objects from the YAML file

ps0107@k8smaster1:~$ kubectl apply -n sock-shop -f complete-demo.yaml 
deployment.extensions/carts-db created
service/carts-db created
deployment.extensions/carts created
service/carts created
deployment.extensions/catalogue-db created
service/catalogue-db created
deployment.extensions/catalogue created
service/catalogue created
deployment.extensions/front-end created
service/front-end created
deployment.extensions/orders-db created
service/orders-db created
deployment.extensions/orders created
service/orders created
deployment.extensions/payment created
service/payment created
deployment.extensions/queue-master created
service/queue-master created
deployment.extensions/rabbitmq created
service/rabbitmq created
deployment.extensions/shipping created
service/shipping created
deployment.extensions/user-db created
service/user-db created
deployment.extensions/user created
service/user created

 

Without a namespace flag, kubectl queries the default namespace, so the pods we want are not listed.

ps0107@k8smaster1:~$ kubectl get pods
No resources found.

 

List the pods with the namespace specified (pods still in ContainerCreating because their images are downloading are shown as well)

ps0107@k8smaster1:~$ kubectl -n sock-shop get pods
NAME                            READY   STATUS              RESTARTS   AGE
carts-56c6fb966b-d26pm          0/1     ContainerCreating   0          26s
carts-db-5678cc578f-rkjw2       1/1     Running             0          27s
catalogue-644549d46f-6dm9l      0/1     ContainerCreating   0          26s
catalogue-db-6ddc796b66-fz4rb   0/1     ContainerCreating   0          26s
front-end-5594987df6-7z8bq      0/1     ContainerCreating   0          26s
orders-749cdc8c9-28ck4          0/1     ContainerCreating   0          26s
orders-db-5cfc68c4cf-m27dn      0/1     ContainerCreating   0          26s
payment-54f55b96b9-gnr9j        0/1     ContainerCreating   0          26s
queue-master-6fff667867-7qdvb   1/1     Running             0          26s
rabbitmq-bdfd84d55-47jnq        0/1     ContainerCreating   0          26s
shipping-78794fdb4f-btdf6       0/1     ContainerCreating   0          26s
user-77cff48476-6xs4q           1/1     Running             0          25s
user-db-99685d75b-vn4nb         0/1     ContainerCreating   0          25s

 

All pods are now running normally

ps0107@k8smaster1:~$ kubectl -n sock-shop get pods
NAME                            READY   STATUS    RESTARTS   AGE
carts-56c6fb966b-d26pm          1/1     Running   0          128m
carts-db-5678cc578f-rkjw2       1/1     Running   0          128m
catalogue-644549d46f-6dm9l      1/1     Running   0          128m
catalogue-db-6ddc796b66-fz4rb   1/1     Running   0          128m
front-end-5594987df6-7z8bq      1/1     Running   0          128m
orders-749cdc8c9-28ck4          1/1     Running   0          128m
orders-db-5cfc68c4cf-m27dn      1/1     Running   0          128m
payment-54f55b96b9-gnr9j        1/1     Running   0          128m
queue-master-6fff667867-7qdvb   1/1     Running   0          128m
rabbitmq-bdfd84d55-47jnq        1/1     Running   0          128m
shipping-78794fdb4f-btdf6       1/1     Running   0          128m
user-77cff48476-6xs4q           1/1     Running   0          128m
user-db-99685d75b-vn4nb         1/1     Running   0          128m

 

Check the Service objects as well, and confirm that the NodePort is open

ps0107@k8smaster1:~$ kubectl get svc -n sock-shop -o wide
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE    SELECTOR
carts          ClusterIP   10.102.194.127   <none>        80/TCP         128m   name=carts
carts-db       ClusterIP   10.97.167.191    <none>        27017/TCP      128m   name=carts-db
catalogue      ClusterIP   10.99.201.219    <none>        80/TCP         128m   name=catalogue
catalogue-db   ClusterIP   10.109.211.97    <none>        3306/TCP       128m   name=catalogue-db
front-end      NodePort    10.103.52.241    <none>        80:30001/TCP   128m   name=front-end
orders         ClusterIP   10.96.109.73     <none>        80/TCP         128m   name=orders
orders-db      ClusterIP   10.98.40.151     <none>        27017/TCP      128m   name=orders-db
payment        ClusterIP   10.111.222.131   <none>        80/TCP         128m   name=payment
queue-master   ClusterIP   10.97.112.129    <none>        80/TCP         128m   name=queue-master
rabbitmq       ClusterIP   10.99.108.228    <none>        5672/TCP       128m   name=rabbitmq
shipping       ClusterIP   10.96.188.9      <none>        80/TCP         128m   name=shipping
user           ClusterIP   10.105.20.37     <none>        80/TCP         128m   name=user
user-db        ClusterIP   10.109.61.22     <none>        27017/TCP      128m   name=user-db

 

Check the docker containers as well

ps0107@k8smaster1:~$ sudo docker ps
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS              PORTS               NAMES
8b7e15d810f6        weaveworksdemos/user           "/user -port=80"         2 hours ago         Up 2 hours                              k8s_user_user-77cff48476-6xs4q_sock-shop_68776733-5d43-4a4d-9806-1e4ece7e7c0c_0
37c63d58a542        weaveworksdemos/queue-master   "/usr/local/bin/java…"   2 hours ago         Up 2 hours                              k8s_queue-master_queue-master-6fff667867-7qdvb_sock-shop_02523db0-37ad-4a5b-a742-111723c28c32_0
a591ac7e683f        k8s.gcr.io/pause:3.1           "/pause"                 2 hours ago         Up 2 hours                              k8s_POD_user-77cff48476-6xs4q_sock-shop_68776733-5d43-4a4d-9806-1e4ece7e7c0c_0
64d2cf93e3bc        k8s.gcr.io/pause:3.1           "/pause"                 2 hours ago         Up 2 hours                              k8s_POD_queue-master-6fff667867-7qdvb_sock-shop_02523db0-37ad-4a5b-a742-111723c28c32_0
5b255b61a93e        eb516548c180                   "/coredns -conf /etc…"   44 hours ago        Up 44 hours                             k8s_coredns_coredns-5c98db65d4-fvz2k_kube-system_a4208d56-10d2-4958-b345-01603d5aa57b_0
df13b1015f61        k8s.gcr.io/pause:3.1           "/pause"                 44 hours ago        Up 44 hours                             k8s_POD_coredns-5c98db65d4-fvz2k_kube-system_a4208d56-10d2-4958-b345-01603d5aa57b_0
....

 

List the deployments as well.

ps0107@k8smaster1:~$ kubectl get deployment --all-namespaces
NAMESPACE     NAME           READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   calico-typha   0/0     0            0           43h
kube-system   coredns        2/2     2            2           43h
sock-shop     carts          1/1     1            1           129m
sock-shop     carts-db       1/1     1            1           129m
sock-shop     catalogue      1/1     1            1           129m
sock-shop     catalogue-db   1/1     1            1           129m
sock-shop     front-end      1/1     1            1           129m
sock-shop     orders         1/1     1            1           129m
sock-shop     orders-db      1/1     1            1           129m
sock-shop     payment        1/1     1            1           129m
sock-shop     queue-master   1/1     1            1           129m
sock-shop     rabbitmq       1/1     1            1           129m
sock-shop     shipping       1/1     1            1           129m
sock-shop     user           1/1     1            1           129m
sock-shop     user-db        1/1     1            1           129m

 

 

 

