[kubernetes-실습] API 객체

RESTful API Access (토큰 기반 리소스 접근,  namespace 토큰 생성)

api server의 node의 ip와 port 확인, 클러스트 설정 정보 확인

ps0107@k8smaster1:~$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://k8smaster:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

 

bearer token 확인 필요

secrets : volume 리소스 유형중 하나 (크리티컬한 정보들도 pod간 공유, 자동 인코딩 되어 저장)    

ps0107@k8smaster1:~$ kubectl get secrets --all-namespaces
NAMESPACE         NAME                                             TYPE                                  DATA   AGE
default           default-token-76w5h                              kubernetes.io/service-account-token   3      5d3h
kube-node-lease   default-token-868ws                              kubernetes.io/service-account-token   3      5d3h
kube-public       default-token-vrv96                              kubernetes.io/service-account-token   3      5d3h
kube-system       attachdetach-controller-token-q6gnc              kubernetes.io/service-account-token   3      5d3h
kube-system       bootstrap-signer-token-52n72                     kubernetes.io/service-account-token   3      5d3h
kube-system       bootstrap-token-jaeaqt                           bootstrap.kubernetes.io/token         6      5d3h
kube-system       bootstrap-token-qa1m8y                           bootstrap.kubernetes.io/token         4      5d3h
kube-system       calico-node-token-9d74h                          kubernetes.io/service-account-token   3      5d3h
kube-system       certificate-controller-token-scw76               kubernetes.io/service-account-token   3      5d3h
kube-system       clusterrole-aggregation-controller-token-bzb8m   kubernetes.io/service-account-token   3      5d3h
kube-system       coredns-token-cmpj6                              kubernetes.io/service-account-token   3      5d3h
kube-system       cronjob-controller-token-rdp76                   kubernetes.io/service-account-token   3      5d3h
kube-system       daemon-set-controller-token-zrfl2                kubernetes.io/service-account-token   3      5d3h
kube-system       default-token-9xjr8                              kubernetes.io/service-account-token   3      5d3h
kube-system       deployment-controller-token-dghwg                kubernetes.io/service-account-token   3      5d3h
kube-system       disruption-controller-token-s5rdz                kubernetes.io/service-account-token   3      5d3h
kube-system       endpoint-controller-token-fk4gw                  kubernetes.io/service-account-token   3      5d3h
kube-system       expand-controller-token-xqdz5                    kubernetes.io/service-account-token   3      5d3h
kube-system       generic-garbage-collector-token-gg8l7            kubernetes.io/service-account-token   3      5d3h
kube-system       horizontal-pod-autoscaler-token-5xjpz            kubernetes.io/service-account-token   3      5d3h
kube-system       job-controller-token-ndn45                       kubernetes.io/service-account-token   3      5d3h
kube-system       kube-proxy-token-7jjl9                           kubernetes.io/service-account-token   3      5d3h
kube-system       kubeadm-certs                                    Opaque                                8      5d3h
kube-system       namespace-controller-token-z7vnn                 kubernetes.io/service-account-token   3      5d3h
kube-system       node-controller-token-jgg7f                      kubernetes.io/service-account-token   3      5d3h
kube-system       persistent-volume-binder-token-7qksk             kubernetes.io/service-account-token   3      5d3h
kube-system       pod-garbage-collector-token-9bgvk                kubernetes.io/service-account-token   3      5d3h
kube-system       pv-protection-controller-token-7nbqk             kubernetes.io/service-account-token   3      5d3h
kube-system       pvc-protection-controller-token-zssxk            kubernetes.io/service-account-token   3      5d3h
kube-system       replicaset-controller-token-59szg                kubernetes.io/service-account-token   3      5d3h
kube-system       replication-controller-token-5j78s               kubernetes.io/service-account-token   3      5d3h
kube-system       resourcequota-controller-token-95qgb             kubernetes.io/service-account-token   3      5d3h
kube-system       service-account-controller-token-d4fmk           kubernetes.io/service-account-token   3      5d3h
kube-system       service-controller-token-wbbpt                   kubernetes.io/service-account-token   3      5d3h
kube-system       statefulset-controller-token-hsk8b               kubernetes.io/service-account-token   3      5d3h
kube-system       token-cleaner-token-v8r9r                        kubernetes.io/service-account-token   3      5d3h
kube-system       ttl-controller-token-tjbl4                       kubernetes.io/service-account-token   3      5d3h
sock-shop         default-token-fjxvf                              kubernetes.io/service-account-token   3      3d6h

 

default namespace 인것 확인

ps0107@k8smaster1:~$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-76w5h   kubernetes.io/service-account-token   3      5d3h

 

해당 secret에 있는 token 정보 확인

ps0107@k8smaster1:~$ kubectl describe secret default-token-76w5h
Name:         default-token-76w5h
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: d063e90a-2b41-43a9-88c2-9e4e3e8839c9

Type:  kubernetes.io/service-account-token

Data
====
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tNzZ3NWgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImQwNjNlOTBhLTJiNDEtNDNhOS04OGMyLTllNGUzZTg4MzljOSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.lLz_lHjoBNnzTsNQR4x8r7s2saIqVCRM1emPUjio9PyNXd02zHs9l-jGQS3PnvX1FyyK1eYHYUuk6OibR5MZqHJEblz22xjI1alniVVwAAxh3r7PmoQXdbYnLUZYxqu2XKc1XkWlnDK1TQmU6zMc0oUYLjsIYjrC0FZ7l8dju3dx3rlpVA9qD7nq1obmwGHKg7ItJW2s5od1DXKJfOo3Li4P5PVmfUR-VDVCR5glPUXS_jWfQp9FmMxWKfI95b-vzjNNYI-rzbBrHWqY_DN6c9Qm2eQsHKo7r5DT8XPKLv-wyH5RD1glqMcOwM8BObsJDjfamRp9cjS37FrEIDQqkw
ca.crt:     1025 bytes

 

token 정보를 변수에 export하여 저장

ps0107@k8smaster1:~$ export token=$(kubectl describe secret default-token-76w5h | grep ^token | cut -f7 -d ' ')

 

-k 옵션은 인증없이 사용한다

ps0107@k8smaster1:~$ curl https://k8smaster:6443/apis --header "Authorization: Bearer $token" -k
{
  "kind": "APIGroupList",
  "apiVersion": "v1",
  "groups": [
    {
      "name": "apiregistration.k8s.io",
      "versions": [
        {
          "groupVersion": "apiregistration.k8s.io/v1",
          "version": "v1"
        },
        {
          "groupVersion": "apiregistration.k8s.io/v1beta1",
          "version": "v1beta1"
        }
      ],
      "preferredVersion": {
        "groupVersion": "apiregistration.k8s.io/v1",
        "version": "v1"
      }
    },
.......

 

해당 토큰은 namespace의 권한이 없기 때문에 403 에러가 발생한다.

ps0107@k8smaster1:~$ curl https://k8smaster:6443/api/v1/namespaces --header "Authorization: Bearer $token" -k
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "kind": "namespaces"
  },
  "code": 403
}

 

namespace별 할당된 토큰이 pod가 런칭되었얼때 해당 토큰을 사용한다.
pod의 /var/run/secrets/kubernetes.io/serviceaccount/ 경로로 마운트 된것을 볼수 있다.

ps0107@k8smaster1:~$ kubectl run -it busybox --image=busybox --restart=Never
If you don't see a command prompt, try pressing enter.
/ # cd /var/run/secrets/kubernetes.io/serviceaccount/
/ # ls 
ca.crt     namespace  token
/ # cat token
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tNzZ3NWgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImQwNjNlOTBhLTJiNDEtNDNhOS04OGMyLTllNGUzZTg4MzljOSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.lLz_lHjoBNnzTsNQR4x8r7s2saIqVCRM1emPUjio9PyNXd02zHs9l-jGQS3PnvX1FyyK1eYHYUuk6OibR5MZqHJEblz22xjI1alniVVwAAxh3r7PmoQXdbYnLUZYxqu2XKc1XkWlnDK1TQmU6zMc0oUYLjsIYjrC0FZ7l8dju3dx3rlpVA9qD7nq1obmwGHKg7ItJW2s5od1DXKJfOo3Li4P5PVmfUR-VDVCR5glPUXS_jWfQp9FmMxWKfI95b-vzjNNYI-rzbBrHWqY_DN6c9Qm2eQsHKo7r5DT8XPKLv-wyH5RD1glqMcOwM8BObsJDjfamRp9cjS37FrEIDQqkw
/ # exit
ps0107@k8smaster1:~$

 

--restart={옵션}
1. Always : deployment 객체로 생성
2. Never : 단순 pod로 배포
3. Onfailure : Job기반

 

 

 


Proxy 사용해 보기

proxy 도움페이지 보기

ps0107@k8smaster1:~$ kubectl proxy -h
Creates a proxy server or application-level gateway between localhost and the Kubernetes API Server. It also allows
serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the
remote kubernetes API Server port, except for the path matching the static content path.

Examples:
  # To proxy all of the kubernetes api and nothing else, use:

  $ kubectl proxy --api-prefix=/

  # To proxy only part of the kubernetes api and also some static files:

  $ kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/

  # The above lets you 'curl localhost:8001/api/v1/pods'.

  # To proxy the entire kubernetes api at a different root, use:

  $ kubectl proxy --api-prefix=/custom/

  # The above lets you 'curl localhost:8001/custom/api/v1/pods'

  # Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
  kubectl proxy --port=8011 --www=./local/www/

  # Run a proxy to kubernetes apiserver on an arbitrary local port.
  # The chosen port for the server will be output to stdout.
  kubectl proxy --port=0

  # Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api
  # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/
  kubectl proxy --api-prefix=/k8s-api

Options:
      --accept-hosts='^localhost$,^127\.0\.0\.1$,^\[::1\]$': Regular expression for hosts that the proxy should accept.
      --accept-paths='^.*': Regular expression for paths that the proxy should accept.
      --address='127.0.0.1': The IP address on which to serve on.
      --api-prefix='/': Prefix to serve the proxied API under.
      --disable-filter=false: If true, disable request filtering in the proxy. This is dangerous, and can leave you
vulnerable to XSRF attacks, when used with an accessible port.
      --keepalive=0s: keepalive specifies the keep-alive period for an active network connection. Set to 0 to disable
keepalive.
  -p, --port=8001: The port on which to run the proxy. Set to 0 to pick a random port.
      --reject-methods='^$': Regular expression for HTTP methods that the proxy should reject (example
--reject-methods='POST,PUT,PATCH').
      --reject-paths='^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach': Regular expression for paths that the proxy should
reject. Paths specified here will be rejected even accepted by --accept-paths.
  -u, --unix-socket='': Unix socket on which to run the proxy.
  -w, --www='': Also serve static files from the given directory under the specified prefix.
  -P, --www-prefix='/static/': Prefix to serve static files under, if static file directory is specified.

Usage:
  kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).

 

인증 생략 하여 api 사용 (내부 전송이라 인증이 필요 없음)

background 로 실행 되고 api prefix 세팅

주로 개발자가 로컬에서 테스트하기 위해 endpoint 제공(인증 방식이 아니라 간단하게 사용 가능하다)

ps0107@k8smaster1:~$ kubectl proxy --api-prefix=/ &
[1] 16218
ps0107@k8smaster1:~$ Starting to serve on 127.0.0.1:8001

 

http://127.0.0.1:8001/ 로 테스트 가능

ps0107@k8smaster1:~$ curl http://127.0.0.1:8001/api/
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "10.146.0.2:6443"
    }
  ]
}

ps0107@k8smaster1:~$  curl http://127.0.0.1:8001/api/v1/namespaces
{
  "kind": "NamespaceList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/namespaces",
    "resourceVersion": "606177"
  },
  "items": [
    {
      "metadata": {
        "name": "default",
        "selfLink": "/api/v1/namespaces/default",
        "uid": "d001f113-42a9-49b6-ad1c-5dfdc9ce66fc",
        "resourceVersion": "149",
        "creationTimestamp": "2020-01-28T08:29:32Z"
      },
      "spec": {
        "finalizers": [
          "kubernetes"
        ]
      },
      "status": {
        "phase": "Active"
      }
    },
   .......

 

 

 


Job 사용

파라메터 설정 없이 기본 값으로 job 사용

# restartPolicy 옵션
- Always : deployment 객체로 생성
- Never : 단순 Pod로 배포
- Onfailure : Job기반
ps0107@k8smaster1:~$ vi job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: sleepy
spec:
  template:
    spec:
      containers:
      - name: resting
        image: busybox
        command: ["/bin/sleep"]
        args: ["3"]
      restartPolicy: Never #-> 원래는 OnFailure : 한번의 success를 보장. 중간에 장애 발생시 재시작

 

job 생성      

ps0107@k8smaster1:~$ kubectl create -f job.yaml
job.batch/sleepy created

 

생성된 job 확인

ps0107@k8smaster1:~$ kubectl get job
NAME     COMPLETIONS   DURATION   AGE
sleepy   0/1           6s         6s

 

job 상세 확인

- Parallelism, Completions은 디폴트 값

- Pods Statuses 확인 해보면 1번 Success 확인

ps0107@k8smaster1:~$ kubectl describe jobs.batch sleepy
Name:           sleepy
Namespace:      default
Selector:       controller-uid=138bbff0-02ae-45a5-bc7f-335125602d16
Labels:         controller-uid=138bbff0-02ae-45a5-bc7f-335125602d16
                job-name=sleepy
Annotations:    <none>
Parallelism:    1  # -> 기본값
Completions:    1  # -> 기본값
Start Time:     Sun, 02 Feb 2020 14:09:21 +0000
Completed At:   Sun, 02 Feb 2020 14:09:29 +0000
Duration:       8s
Pods Statuses:  0 Running / 1 Succeeded / 0 Failed. # -> 성공 1회
.....

 

생성된 job 확인

ps0107@k8smaster1:~$ kubectl get job
NAME     COMPLETIONS   DURATION   AGE
sleepy   1/1           8s         51s

 

job 오브젝트 yaml 확인

- spec 부분에 backoffLimit, completions, parallelism 파라메터 확인 가능.

ps0107@k8smaster1:~$ kubectl get jobs.batch sleepy -o yaml
......
  uid: 138bbff0-02ae-45a5-bc7f-335125602d16
spec:
  backoffLimit: 6
  completions: 1
  parallelism: 1
  selector:
    matchLabels:
      controller-uid: 138bbff0-02ae-45a5-bc7f-335125602d16
......

 

생성한 오브젝트 삭제

ps0107@k8smaster1:~$ kubectl delete jobs.batch sleepy
job.batch "sleepy" deleted

 

completions 파라메터 설정 해보기

ps0107@k8smaster1:~$ vi job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: sleepy
spec:
  completions: 5 # -> 추가
  template:
    spec:
      containers:
      - name: resting
        image: busybox
        command: ["/bin/sleep"]
        args: ["3"]
      restartPolicy: Never

 

job 오브젝트 생성

ps0107@k8smaster1:~$ kubectl create -f job.yaml
job.batch/sleepy created

 

job 배치 확인

ps0107@k8smaster1:~$ kubectl get jobs.batch
NAME     COMPLETIONS   DURATION   AGE
sleepy   1/5           7s         7s

 

pod 확인

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS      RESTARTS   AGE
sleepy-94mw8   1/1     Running     0          4s
sleepy-cl8px   0/1     Completed   0          18s
sleepy-pffgc   0/1     Completed   0          11s

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS              RESTARTS   AGE
sleepy-94mw8   0/1     Completed           0          15s
sleepy-cl8px   0/1     Completed           0          29s
sleepy-pffgc   0/1     Completed           0          22s
sleepy-r8qpw   0/1     ContainerCreating   0          1s
sleepy-wf2xt   0/1     Completed           0          8s

 

생성한 job 오브젝트 삭제

ps0107@k8smaster1:~$ kubectl delete jobs.batch sleepy
job.batch "sleepy" deleted

 

parallelism 파라메터(병렬처리) 설정 해보기

parallelism 파라메터 추가

ps0107@k8smaster1:~$ vi job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: sleepy
spec: # -> pod 2개로 5회 완성이란 의미
  completions: 5
  parallelism: 2 # -> 병렬 처리
  template:
    spec:
      containers:
      - name: resting
        image: busybox
        command: ["/bin/sleep"]
        args: ["3"]
      restartPolicy: Never

 

job 오브젝트 생성

ps0107@k8smaster1:~$ kubectl create -f job.yaml
job.batch/sleepy created

 

pod 상태 확인

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS              RESTARTS   AGE
sleepy-2v8jd   0/1     ContainerCreating   0          6s
sleepy-xbj79   1/1     Running             0          6s

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS              RESTARTS   AGE
sleepy-2v8jd   0/1     Completed           0          13s
sleepy-t4kgz   0/1     ContainerCreating   0          2s
sleepy-tl4rv   1/1     Running             0          5s
sleepy-xbj79   0/1     Completed           0          13s

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS              RESTARTS   AGE
sleepy-2v8jd   0/1     Completed           0          17s
sleepy-g87m4   0/1     ContainerCreating   0          2s
sleepy-t4kgz   1/1     Running             0          6s
sleepy-tl4rv   0/1     Completed           0          9s
sleepy-xbj79   0/1     Completed           0          17s

 

job 오브젝트 삭제

ps0107@k8smaster1:~$ kubectl delete jobs.batch sleepy
job.batch "sleepy" deleted

 

activeDeadlineSeconds 설정 해보기

duration 지정, 15초안에 complete 안되면 uncomplete 됨. (참고로 이시간은 pod 생성 시간까지 포함됨)

ps0107@k8smaster1:~$ vi job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: sleepy
spec:
  completions: 5
  parallelism: 2
  activeDeadlineSeconds: 15 # -> duration 지정. 15초 안에 complete안되면 uncomplete됨. pod생성 시간 포함.
  template:
    spec:
      containers:
      - name: resting
        image: busybox
        command: ["/bin/sleep"]
        args: ["5"] 
      restartPolicy: Never

 

job 오브젝트 생성

ps0107@k8smaster1:~$ kubectl create -f job.yaml
job.batch/sleepy created

 

pod 상태 확인

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS              RESTARTS   AGE
sleepy-rfd4q   0/1     ContainerCreating   0          5s
sleepy-rtrk7   1/1     Running             0          5s

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS    RESTARTS   AGE
sleepy-rfd4q   1/1     Running   0          8s
sleepy-rtrk7   1/1     Running   0          8s

ps0107@k8smaster1:~$ kubectl get pods
NAME           READY   STATUS              RESTARTS   AGE
sleepy-cqv8t   0/1     ContainerCreating   0          0s
sleepy-rfd4q   1/1     Running             0          10s
sleepy-rtrk7   0/1     Completed           0          10s

 

job 확인

ps0107@k8smaster1:~$ kubectl get jobs
NAME     COMPLETIONS   DURATION   AGE
sleepy   2/5           20s        20s

ps0107@k8smaster1:~$ kubectl get jobs
NAME     COMPLETIONS   DURATION   AGE
sleepy   2/5           24s        24s

ps0107@k8smaster1:~$ kubectl get jobs
NAME     COMPLETIONS   DURATION   AGE
sleepy   2/5           82s        82s

ps0107@k8smaster1:~$ kubectl get job sleepy -o yaml
......
status:
  conditions:
  - lastProbeTime: "2020-02-02T14:15:25Z"
    lastTransitionTime: "2020-02-02T14:15:25Z"
    message: Job was active longer than specified deadline
    reason: DeadlineExceeded
    status: "True"
    type: Failed
  failed: 2
  startTime: "2020-02-02T14:15:10Z"
  succeeded: 2

 

job 오브젝트 삭제

ps0107@k8smaster1:~$ kubectl delete jobs.batch sleepy
job.batch "sleepy" deleted

 

 

 


CronJob 사용

cronjob 기본

ps0107@k8smaster1:~$ vi cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: sleepy
spec:
  schedule: "*/2 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: resting
            image: busybox
            command: ["/bin/sleep"]
            args: ["5"]
          restartPolicy: Never

 

cronjob 객체 생성          

ps0107@k8smaster1:~$ kubectl create -f cronjob.yaml
cronjob.batch/sleepy created

 

cronjob 상태 확인

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     0        <none>          11s

ps0107@k8smaster1:~$ kubectl get jobs.batch
No resources found.

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     0        31s             2m25s

ps0107@k8smaster1:~$ kubectl get jobs.batch
NAME                COMPLETIONS   DURATION   AGE
sleepy-1580655480   1/1           10s        28s

 

2분 후 새로운 job 확인

ps0107@k8smaster1:~$ kubectl get jobs.batch
NAME                COMPLETIONS   DURATION   AGE
sleepy-1580655480   1/1           10s        2m6s
sleepy-1580655600   0/1           5s         5s

ps0107@k8smaster1:~$ kubectl delete cronjobs.batch sleepy
cronjob.batch "sleepy" deleted

 

cronjob activeDeadlineSeconds 파라메터 추가

ps0107@k8smaster1:~$ vi cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: sleepy
spec:
  schedule: "*/2 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          activeDeadlineSeconds: 10 # -> 10초 지나면 강제 종료
          containers:
          - name: resting
            image: busybox
            command: ["/bin/sleep"]
            args: ["5"]
          restartPolicy: Never

ps0107@k8smaster1:~$ kubectl create -f cronjob.yaml
cronjob.batch/sleepy created

 

생성후 처음엔 job이 없음.

ps0107@k8smaster1:~$ kubectl get jobs
No resources found.

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     1        8s              30s

ps0107@k8smaster1:~$ kubectl get jobs
NAME                COMPLETIONS   DURATION   AGE
sleepy-1580655720   1/1           9s         9s

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     0        36s             58s

ps0107@k8smaster1:~$ kubectl get jobs
NAME                COMPLETIONS   DURATION   AGE
sleepy-1580655720   1/1           9s         38s

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     0        47s             69s

ps0107@k8smaster1:~$ kubectl get jobs
NAME                COMPLETIONS   DURATION   AGE
sleepy-1580655720   1/1           9s         2m6s
sleepy-1580655840   0/1           6s         6s

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     1        14s             2m36s

ps0107@k8smaster1:~$ kubectl get jobs
NAME                COMPLETIONS   DURATION   AGE
sleepy-1580655720   1/1           9s         2m15s
sleepy-1580655840   0/1           15s        15s

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     1        25s             2m47s

ps0107@k8smaster1:~$ kubectl get cronjobs.batch
NAME     SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
sleepy   */2 * * * *   False     1        6s              4m28s

 

오브젝트 삭제

ps0107@k8smaster1:~$ kubectl delete cronjobs.batch sleepy
cronjob.batch "sleepy" deleted

 


참조) CKA 대비 간단 실습

01. kubeadm 을 이용한 설치 및 세팅
02. kubernetes 클러스터 노드 확장 및 셋팅
03. 간단한 application 배포, yaml템플릿, 서비스 expose 해보기
04. deployment 의 CPU, Memory 제약
05. namespace 를 위한 resource limit 설정
06. 좀더 복잡한 deployment 배포해보기
07. 기본 Node 의 maintenance (유지보수)
08. API AND ACCESS
09. API 객체
10. Managing State with Deployments
11. Service Resource
12. Volumes and Data : ConfigMap 간단 테스트
13. PV 와 PVC 생성
14. ResourceQuota 사용 (PVC Count 와 Usage를 제한)
15. ingress 간단 실습
16. Scheduling - label 사용한 pod 할당
17. Scheduling - Taint를 이용한 pod 배포 관리
18. 로깅과 트러블슈팅 : 로그위치와 로그 출력 보기
19. 로깅과 트러블슈팅 : Metrics와 DashBoard
20. CRD (Custom Resource Definition)
21. helm
22. Security - TLS
23. Security - Authentication, Authorization, Admission
24. HA(High Availability) 구성 - master node