├── README.md ├── chapter10 ├── alicek106-csr-k8s-latest.yaml ├── alicek106-csr.yaml ├── clusterrole-aggregation.yaml ├── clusterrolebinding-nodes-reader.yaml ├── deployment-nginx.yaml ├── list-service-and-pod.py ├── nodes-reader-clusterrole.yaml ├── nonresource-url-clusterrole.yaml ├── rolebinding-service-reader.yaml ├── sa-deploy-nginx.yaml ├── sa-pod-python-sdk-Dockerfile │ └── Dockerfile ├── sa-pod-python-sdk.yaml ├── sa-reg-auth.yaml ├── service-read-role-all-sa.yaml ├── service-reader-role.yaml ├── x509-cert-rolebinding-group.yaml └── x509-cert-rolebinding-user.yaml ├── chapter11-1 ├── deployment-over-memory.yaml ├── limitrange-example-pod.yaml ├── limitrange-example.yaml ├── limitrange-ratio.yaml ├── nginx-besteffort-pod.yaml ├── quota-limit-besteffort.yaml ├── quota-limit-pod-svc.yaml ├── resource-limit-pod-guaranteed.yaml ├── resource-limit-pod.yaml ├── resource-limit-with-request-pod.yaml └── resource-quota.yaml ├── chapter11-2 ├── custom-scheduled-pod.yaml ├── custom-scheduler-python │ └── __main__.py ├── deployment-exclusive.yaml ├── deployment-nginx-node-selector.yaml ├── deployment-pdb-test.yaml ├── nodeaffinity-preferred.yaml ├── nodeaffinity-required.yaml ├── nodename-nginx.yaml ├── nodeselector-nginx.yaml ├── pod-antiaffinity-preferred.yaml ├── pod-antiaffinity-required.yaml ├── podaffinity-hostname-topology.yaml ├── podaffinity-required.yaml ├── simple-pdb-example.yaml ├── toleration-master.yaml └── toleration-test.yaml ├── chapter11-3 ├── completed-pod-restart-never.yaml ├── completed-pod.yaml ├── deployment-history-limit.yaml ├── deployment-recreate-v1.yaml ├── deployment-recreate-v2.yaml ├── deployment-rolling-update.yaml ├── deployment-v1.yaml ├── deployment-v2.yaml ├── error-pod-restart-never.yaml ├── init-container-example.yaml ├── init-container-usecase.yaml ├── livenessprobe-pod.yaml ├── minreadyseconds-v1.yaml ├── minreadyseconds-v2.yaml ├── poststart-hook.yaml ├── prestop-hook.yaml ├── probe-options.yaml ├── readinessprobe-pod-svc.yaml 
├── rolling-update-example-v1.yaml ├── rolling-update-example-v2.yaml └── termination-grace-period-seconds.yaml ├── chapter12 ├── my-cr-example.yaml ├── my-crd-example-k8s-latest.yaml └── my-crd-example.yaml ├── chapter13 ├── cronjob-example-k8s-latest.yaml ├── cronjob-example.yaml ├── daemonset-example.yaml ├── job-comple-parallel.yaml ├── job-completions.yaml ├── job-hello-world.yaml ├── job-parallelism.yaml ├── statefulset-example.yaml └── statefulset-volume.yaml ├── chapter14 ├── components.yaml ├── grafana.yaml ├── kube-state-metrics-serviceMonitor.yaml ├── kubelet-serviceMonitor.yaml ├── node-exporter-serviceMonitor.yaml ├── node-exporter │ ├── monitoring-namespace.yaml │ ├── node-exporter-daemonset.yaml │ ├── node-exporter-service.yaml │ └── node-exporter-serviceAccount.yaml ├── prometheus-clusterRole.yaml ├── prometheus-clusterRoleBinding.yaml ├── prometheus-sa-configured.yaml ├── prometheus-serviceAccount.yaml └── prometheus-simple.yaml ├── chapter2 ├── fluentd_mongo │ ├── Dockerfile │ ├── fluent.conf │ ├── log │ │ └── .keep │ └── plugins │ │ └── .keep └── nginx │ └── nginx.conf ├── chapter3 └── nfs-server │ ├── Dockerfile │ ├── entrypoint.sh │ ├── exports_example │ ├── nfs-kernel-server │ ├── options │ └── services ├── chapter6 ├── deployment-hostname.yaml ├── deployment-nginx.yaml ├── external-svc.yaml ├── hostname-svc-clusterip.yaml ├── hostname-svc-lb-local.yaml ├── hostname-svc-lb.yaml ├── hostname-svc-nlb.yaml ├── hostname-svc-nodeport-affinity.yaml ├── hostname-svc-nodeport-custom.yaml ├── hostname-svc-nodeport.yaml ├── nginx-pod-with-ubuntu.yaml ├── nginx-pod-without-rs.yaml ├── nginx-pod.yaml ├── replicaset-nginx-4pods.yaml ├── replicaset-nginx-match-expression.yaml └── replicaset-nginx.yaml ├── chapter7 ├── all-env-from-configmap.yaml ├── deployment-from-private-repo.yaml ├── env-from-secret.yaml ├── env-hard-coding-deployment.yaml ├── hostname-deploy-svc-ns.yaml ├── kustomization.yaml ├── multiple-keyvalue.env ├── my-configmap.yaml ├── 
production-namespace.yaml ├── selective-env-from-configmap.yaml ├── selective-env-from-secret.yaml ├── selective-mount-secret.yaml ├── selective-volume-configmap.yaml ├── volume-mount-configmap.yaml └── volume-mount-secret.yaml ├── chapter8 ├── hostname-deployment.yaml ├── hostname-service.yaml ├── ingress-custom-class-k8s-latest.yaml ├── ingress-custom-class.yaml ├── ingress-example-k8s-latest.yaml ├── ingress-example.yaml ├── ingress-nginx-svc-nodeport.yaml ├── ingress-rewrite-target-k8s-latest.yaml ├── ingress-rewrite-target.yaml ├── ingress-service-lb.yaml ├── ingress-tls-k8s-latest.yaml ├── ingress-tls.yaml ├── minimal-ingress-k8s-latest.yaml └── minimal-ingress.yaml ├── chapter9 ├── ebs-pod-pvc-custom-sc.yaml ├── ebs-pod-pvc-label-selector.yaml ├── ebs-pod-pvc.yaml ├── ebs-pv-delete.yaml ├── ebs-pv-label.yaml ├── ebs-pv-storageclass.yaml ├── ebs-pv.yaml ├── emptydir-pod.yaml ├── hostpath-pod.yaml ├── nfs-deployment.yaml ├── nfs-pod.yaml ├── nfs-service.yaml ├── pvc-fast-sc.yaml ├── storageclass-default.yaml ├── storageclass-fast.yaml └── storageclass-slow.yaml ├── kubeadm-terraform ├── aws.tf ├── example │ ├── deployment.yaml │ └── service-lb.yaml ├── iam.tf ├── instances.tf ├── network.tf └── variables.tf └── lecture4-nginx-ingress.md /README.md: -------------------------------------------------------------------------------- 1 | # 시작하세요! 도커, 그리고 쿠버네티스 2 | 3 | ⚠️ **2024년 이전의 개정판에 해당하는 예제 코드입니다.** 2025년 개정판 예제는 [여기](https://github.com/alicek106/start-docker-kubernetes-renewal)를 참고해주세요! 4 | 5 | 위키북스 '시작하세요! 도커, 그리고 쿠버네티스' 책에서 쓰이는 예제와 강의를 모아둔 저장소입니다. 책 내용의 질문을 issue에 올려주셔도 됩니다. 6 | 7 | ## 1부. Docker 8 | 9 | - chapter 2 : fluentd_mongo 10 | - chapter 3 : nfs_server 11 | 12 | ## 2부. 
Kubernetes 13 | 14 | ### 책의 예제에서 사용하는 YAML 파일 목록 15 | 16 | - chapter 6 : [포드, 레플리카셋, 디플로이먼트, 서비스](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter6) 17 | - chapter 7 : [네임스페이스, 컨피그맵, 시크릿](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter7) 18 | - chapter 8 : [인그레스](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter8) 19 | - chapter 9 : [퍼시스턴트 볼륨, 퍼시스턴트 볼륨 클레임](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter9) 20 | - chapter 10 : [서비스 어카운트, RBAC](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter10) 21 | - chapter 11-1: [리소스 관리](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter11-1) 22 | - chapter 11-2 : [스케줄링](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter11-2) 23 | - chapter 11-3 : [애플리케이션 상태와 배포](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter11-3) 24 | - chapter 12 : [커스텀 리소스](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter12) 25 | - chapter 13 : [포드를 사용하는 다른 리소스 (스테이트풀셋, 잡, 데몬셋)](https://github.com/alicek106/start-docker-kubernetes/tree/master/chapter13) 26 | 27 | ## 그 밖의 유용한 강좌 링크 28 | 29 | 1. [AWS에서 kubeadm로 클라우드 프로바이더를 설정해 쿠버네티스 설치하기](https://blog.naver.com/alice_k106/221696987140) 30 | 2. [kops 설치 시, IAM 역할 및 사용자 생성하기](https://blog.naver.com/alice_k106/221342005691) 31 | 3. [쿠버네티스 컴포넌트의 실행 옵션 변경하기](https://blog.naver.com/alice_k106/221737477464) 32 | 4. [쿠버네티스 버전이 너무 낮을 때 Nginx Ingress 포드가 Pending으로 뜨는 현상](./lecture4-nginx-ingress.md) 33 | 5. [GKE에서 Google Persistent Disk를 사용해 퍼시스턴트 볼륨 사용하기](https://blog.naver.com/alice_k106/221737984779) 34 | 6. [Dex와 Guard를 이용한 쿠버네티스 사용자 인증 방법](https://blog.naver.com/alice_k106/221598325656) 35 | 7. [CPU Affinity를 위해 CPU Manager 사용하기](https://blog.naver.com/alice_k106/221633530545) 36 | 8. [애드미션 컨트롤러를 직접 구현해보기](https://blog.naver.com/alice_k106/221546328906) 37 | 9. 
[커스텀 리소스의 제어를 위한 Operator 직접 구현해보기](https://blog.naver.com/alice_k106/221586279079) 38 | 39 | -------------------------------------------------------------------------------- /chapter10/alicek106-csr-k8s-latest.yaml: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 1.19 버전부터 새로운 CSR 리소스 형식이 도입되었습니다. 2 | # 최신 버전 (1.22 버전 이상) 의 쿠버네티스를 사용하고 있다면 아래의 리소스를 사용해주세요. 3 | apiVersion: certificates.k8s.io/v1 4 | kind: CertificateSigningRequest 5 | metadata: 6 | name: alicek106-csr 7 | spec: 8 | signerName: kubernetes.io/kube-apiserver-client 9 | groups: 10 | - system:authenticated 11 | request: 12 | usages: 13 | - digital signature 14 | - key encipherment 15 | - client auth 16 | -------------------------------------------------------------------------------- /chapter10/alicek106-csr.yaml: -------------------------------------------------------------------------------- 1 | # 이 YAML 파일은 쿠버네티스 버전 1.22 이상에서는 사용할 수 없습니다. 2 | # 최신 버전의 쿠버네티스를 사용하고 있다면 alicek106-csr-k8s-latest.yaml 파일을 통해 실습을 진행해주세요 3 | apiVersion: certificates.k8s.io/v1beta1 4 | kind: CertificateSigningRequest 5 | metadata: 6 | name: alicek106-csr 7 | spec: 8 | groups: 9 | - system:authenticated 10 | request: 11 | usages: 12 | - digital signature 13 | - key encipherment 14 | - client auth 15 | -------------------------------------------------------------------------------- /chapter10/clusterrole-aggregation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: grand-parent-clusterrole 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-parent-clusterrole: "true" 7 | rules: [] 8 | #- apiGroups: [""] 9 | # resources: ["nodes"] 10 | # verbs: ["get", "list"] 11 | --- 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | aggregationRule: 15 | clusterRoleSelectors: 16 | - matchLabels: 17 | 
rbac.authorization.k8s.io/aggregate-to-parent-clusterrole: "true" 18 | metadata: 19 | name: parent-clusterrole 20 | labels: 21 | rbac.authorization.k8s.io/aggregate-to-child-clusterrole: "true" 22 | rules: [] 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRole 26 | metadata: 27 | name: child-clusterrole 28 | aggregationRule: 29 | clusterRoleSelectors: 30 | - matchLabels: 31 | rbac.authorization.k8s.io/aggregate-to-child-clusterrole: "true" 32 | rules: [] # 어떠한 권한도 정의하지 않았습니다. 33 | --- 34 | apiVersion: v1 35 | kind: ServiceAccount 36 | metadata: 37 | name: node-reader-test 38 | namespace: default 39 | --- 40 | apiVersion: rbac.authorization.k8s.io/v1 41 | kind: ClusterRoleBinding 42 | metadata: 43 | name: parent-clusterrolebinding 44 | subjects: 45 | - kind: ServiceAccount 46 | name: node-reader-test 47 | namespace: default 48 | roleRef: 49 | kind: ClusterRole 50 | name: child-clusterrole 51 | apiGroup: rbac.authorization.k8s.io 52 | -------------------------------------------------------------------------------- /chapter10/clusterrolebinding-nodes-reader.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: nodes-reader-clusterrolebinding 5 | namespace: default 6 | subjects: 7 | - kind: ServiceAccount 8 | name: alicek106 9 | namespace: default 10 | roleRef: 11 | kind: ClusterRole 12 | name: nodes-reader 13 | apiGroup: rbac.authorization.k8s.io 14 | -------------------------------------------------------------------------------- /chapter10/deployment-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-nginx-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-nginx 10 | template: 11 | metadata: 12 | name: my-nginx-pod 13 | labels: 14 | app: my-nginx 15 | spec: 16 | 
containers: 17 | - name: nginx 18 | image: nginx:1.10 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /chapter10/list-service-and-pod.py: -------------------------------------------------------------------------------- 1 | from kubernetes import client, config 2 | config.load_incluster_config() # 1 3 | 4 | try: 5 | print('Trying to list service..') 6 | result = client.CoreV1Api().list_namespaced_service(namespace='default') # 2 7 | for item in result.items: 8 | print('-> {}'.format(item.metadata.name)) 9 | except client.rest.ApiException as e: 10 | print(e) 11 | 12 | print('----') 13 | 14 | try: 15 | print('Trying to list pod..') 16 | result = client.CoreV1Api().list_namespaced_pod(namespace='default') # 3 17 | for item in result.items: 18 | print(item.metadata.name) 19 | except client.rest.ApiException as e: 20 | print(e) 21 | -------------------------------------------------------------------------------- /chapter10/nodes-reader-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | namespace: default 5 | name: nodes-reader 6 | rules: 7 | - apiGroups: [""] 8 | resources: ["nodes"] 9 | verbs: ["get", "list"] 10 | 11 | -------------------------------------------------------------------------------- /chapter10/nonresource-url-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRole 3 | metadata: 4 | name: api-url-access 5 | rules: 6 | - nonResourceURLs: ["/metrics", "/logs"] 7 | verbs: ["get"] 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1beta1 10 | kind: ClusterRoleBinding 11 | metadata: 12 | name: api-url-access-rolebinding 13 | roleRef: 14 | apiGroup: rbac.authorization.k8s.io 15 | kind: ClusterRole 16 | name: api-url-access 17 | subjects: 18 | 
- kind: ServiceAccount 19 | name: alicek106 20 | namespace: default 21 | -------------------------------------------------------------------------------- /chapter10/rolebinding-service-reader.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: service-reader-rolebinding 5 | namespace: default 6 | subjects: 7 | - kind: ServiceAccount 8 | name: alicek106 9 | namespace: default 10 | roleRef: 11 | kind: Role 12 | name: service-reader 13 | apiGroup: rbac.authorization.k8s.io 14 | -------------------------------------------------------------------------------- /chapter10/sa-deploy-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hostname-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: webserver 10 | template: 11 | metadata: 12 | name: my-webserver 13 | labels: 14 | app: webserver 15 | spec: 16 | serviceAccountName: alicek106 17 | containers: 18 | - name: my-webserver 19 | image: alicek106/rr-test:echo-hostname 20 | ports: 21 | - containerPort: 80 22 | -------------------------------------------------------------------------------- /chapter10/sa-pod-python-sdk-Dockerfile/Dockerfile: -------------------------------------------------------------------------------- 1 | # Base image source : https://github.com/alicek106/python-vim-devel 2 | FROM alicek106/python-vim-devel:0.0 3 | RUN pip3 install kubernetes 4 | CMD ["tail", "-f", "/dev/null"] 5 | -------------------------------------------------------------------------------- /chapter10/sa-pod-python-sdk.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: k8s-python-sdk 5 | spec: 6 | serviceAccountName: alicek106 7 | containers: 8 | - name: k8s-python-sdk 9 | image: 
alicek106/k8s-sdk-python:latest 10 | -------------------------------------------------------------------------------- /chapter10/sa-reg-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: reg-auth-alicek106 5 | namespace: default 6 | imagePullSecrets: 7 | - name: registry-auth 8 | 9 | -------------------------------------------------------------------------------- /chapter10/service-read-role-all-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: service-reader-rolebinding 5 | subjects: 6 | - kind: Group 7 | name: system:serviceaccounts # 모든 네임스페이스의 서비스 어카운트가 속한 그룹이므로, 클러스터의 모든 서비스 어카운트에 권한이 부여됩니다. 8 | roleRef: 9 | kind: ClusterRole # 클러스터 롤 바인딩에서 연결할 권한은 클러스터 롤이어야 합니다. service-reader-role.yaml의 service-reader는 롤(Role)이므로, 같은 이름의 클러스터 롤이 따로 있어야 이 바인딩이 효력을 가집니다. 10 | name: service-reader 11 | apiGroup: rbac.authorization.k8s.io 12 | 13 | -------------------------------------------------------------------------------- /chapter10/service-reader-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | namespace: default 5 | name: service-reader 6 | rules: 7 | - apiGroups: [""] # 1. 대상이 될 오브젝트의 API 그룹 8 | resources: ["services"] # 2. 대상이 될 오브젝트의 이름 9 | verbs: ["get", "list"] # 3. 
어떠한 동작을 허용할 것인지 명시 10 | -------------------------------------------------------------------------------- /chapter10/x509-cert-rolebinding-group.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: service-reader-rolebinding-group 5 | namespace: default 6 | subjects: 7 | - kind: Group 8 | name: alicek106-org 9 | roleRef: 10 | kind: Role 11 | name: service-reader 12 | apiGroup: rbac.authorization.k8s.io 13 | -------------------------------------------------------------------------------- /chapter10/x509-cert-rolebinding-user.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: service-reader-rolebinding-user 5 | namespace: default 6 | subjects: 7 | - kind: User 8 | name: alicek106-cert 9 | roleRef: 10 | kind: Role 11 | name: service-reader 12 | apiGroup: rbac.authorization.k8s.io 13 | -------------------------------------------------------------------------------- /chapter11-1/deployment-over-memory.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-over-memory 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: nginx 9 | template: 10 | metadata: 11 | name: nginx 12 | labels: 13 | app: nginx 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx 18 | resources: 19 | limits: 20 | memory: "3000Mi" 21 | cpu: "1000m" 22 | requests: 23 | memory: "128Mi" 24 | cpu: "500m" 25 | -------------------------------------------------------------------------------- /chapter11-1/limitrange-example-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: pod-limit-range 5 | spec: 6 | limits: 7 | - max: 8 | memory: 1Gi 9 | 
min: 10 | memory: 200Mi 11 | type: Pod 12 | -------------------------------------------------------------------------------- /chapter11-1/limitrange-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: mem-limit-range 5 | spec: 6 | limits: 7 | - default: # 1. 자동으로 설정될 기본 Limit 값 8 | memory: 256Mi 9 | cpu: 200m 10 | defaultRequest: # 2. 자동으로 설정될 기본 Request 값 11 | memory: 128Mi 12 | cpu: 100m 13 | max: # 3. 자원 할당량의 최대값 14 | memory: 1Gi 15 | cpu: 1000m 16 | min: # 4. 자원 할당량의 최소값 17 | memory: 16Mi 18 | cpu: 50m 19 | type: Container # 5. 각 컨테이너에 대해서 적용 20 | -------------------------------------------------------------------------------- /chapter11-1/limitrange-ratio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: limitrange-ratio 5 | spec: 6 | limits: 7 | - maxLimitRequestRatio: 8 | memory: 1.5 9 | cpu: 1 10 | type: Container 11 | -------------------------------------------------------------------------------- /chapter11-1/nginx-besteffort-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-besteffort-pod 5 | spec: 6 | containers: 7 | - name: nginx-besteffort-pod 8 | image: nginx:latest 9 | 10 | -------------------------------------------------------------------------------- /chapter11-1/quota-limit-besteffort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: besteffort-quota 5 | namespace: default 6 | spec: 7 | hard: 8 | count/pods: 1 9 | scopes: 10 | - BestEffort 11 | -------------------------------------------------------------------------------- /chapter11-1/quota-limit-pod-svc.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: resource-quota-example 5 | namespace: default 6 | spec: 7 | hard: 8 | requests.cpu: "1000m" 9 | requests.memory: "500Mi" 10 | limits.cpu: "1500m" 11 | limits.memory: "1000Mi" 12 | count/pods: 3 13 | count/services: 5 14 | -------------------------------------------------------------------------------- /chapter11-1/resource-limit-pod-guaranteed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: resource-limit-pod-guaranteed 5 | labels: 6 | name: resource-limit-pod-guaranteed 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: nginx:latest 11 | resources: 12 | limits: 13 | memory: "256Mi" 14 | cpu: "1000m" 15 | requests: 16 | memory: "256Mi" 17 | cpu: "1000m" 18 | -------------------------------------------------------------------------------- /chapter11-1/resource-limit-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: resource-limit-pod 5 | labels: 6 | name: resource-limit-pod 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: nginx:latest 11 | resources: 12 | limits: 13 | memory: "256Mi" 14 | cpu: "1000m" 15 | -------------------------------------------------------------------------------- /chapter11-1/resource-limit-with-request-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: resource-limit-with-request-pod 5 | labels: 6 | name: resource-limit-with-request-pod 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: nginx:latest 11 | resources: 12 | limits: 13 | memory: "256Mi" 14 | cpu: "1000m" 15 | requests: 16 | memory: "128Mi" 17 | cpu: "500m" 18 | 19 | 
-------------------------------------------------------------------------------- /chapter11-1/resource-quota.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: resource-quota-example 5 | namespace: default 6 | spec: 7 | hard: 8 | requests.cpu: "1000m" 9 | requests.memory: "500Mi" 10 | limits.cpu: "1500m" 11 | limits.memory: "1000Mi" 12 | -------------------------------------------------------------------------------- /chapter11-2/custom-scheduled-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: custom-scheduled-pod 5 | spec: 6 | schedulerName: my-custom-scheduler 7 | containers: 8 | - name: nginx-container 9 | image: nginx 10 | -------------------------------------------------------------------------------- /chapter11-2/custom-scheduler-python/__main__.py: -------------------------------------------------------------------------------- 1 | import random 2 | import json 3 | from kubernetes import client, config, watch 4 | 5 | # 이 스케줄러가 담당할 스케줄러 이름을 지정합니다. 6 | scheduler_name = "my-custom-scheduler" 7 | 8 | # 이 스케줄러가 스케줄링할 포드의 네임스페이스를 지정합니다. 필요에 따라 전역적으로 사용할 수도 있습니다. 9 | namespace_name = "default" 10 | 11 | # 포드 내부에 마운트되어 있는 서비스 어카운트의 secret(토큰과 CA 인증서)을 읽어옵니다. 이 서비스 어카운트에는 노드 목록 조회, 포드 watch, 바인딩 생성 권한이 필요합니다. 12 | config.load_incluster_config() 13 | v1 = client.CoreV1Api() 14 | 15 | 16 | # 테스트를 위해 랜덤하게 노드를 선택합니다. 별도의 스케줄링 알고리즘을 이 함수에서 구현할 수 있습니다. Ready 상태인 노드가 하나도 없으면 random.choice()가 IndexError를 발생시킵니다. 17 | def select_node(): 18 | available_nodes = [] 19 | for node in v1.list_node().items: 20 | for status in node.status.conditions: 21 | if status.status == "True" and status.type == "Ready": 22 | available_nodes.append(node.metadata.name) 23 | 24 | selected_node = random.choice(available_nodes) 25 | return selected_node 26 | 27 | 28 | # 포드를 특정 노드에 바인딩합니다. 
29 | def schedule_pod(pod_name, node_name): 30 | body = client.V1Binding( 31 | target=client.V1ObjectReference( 32 | kind="Node", 33 | api_version="v1", 34 | name=node_name 35 | ), 36 | metadata=client.V1ObjectMeta( 37 | name=pod_name 38 | ) 39 | ) 40 | 41 | # From issue https://github.com/kubernetes-client/python/issues/547 42 | try: 43 | v1.create_namespaced_binding(namespace=namespace_name, body=body) 44 | except ValueError: 45 | pass 46 | 47 | print("Scheduled {} into {}".format(pod_name, node_name)) 48 | 49 | 50 | 51 | if __name__ == '__main__': 52 | # API 서버로부터 Watch를 생성합니다. 53 | w = watch.Watch() 54 | 55 | # Watch로부터 데이터가 들어오면 스케줄링을 실행합니다. 아래 except 블록은 e.body를 읽으므로, body 속성이 없는 예외(예: Ready 노드가 없을 때 select_node()의 IndexError)가 발생하면 AttributeError로 루프가 종료됩니다. 56 | for event in w.stream(v1.list_namespaced_pod, namespace_name): 57 | if event['object'].status.phase == "Pending" and event['object'].spec.scheduler_name == scheduler_name: 58 | try: 59 | # 적절한 노드를 선택합니다. 60 | selected_node = select_node() 61 | 62 | # 포드를 해당 노드에 스케줄링합니다. 63 | result = schedule_pod(event['object'].metadata.name, selected_node) 64 | except Exception as e: 65 | print(json.loads(e.body)['message']) 66 | 67 | -------------------------------------------------------------------------------- /chapter11-2/deployment-exclusive.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: deployment-nginx 10 | template: 11 | metadata: 12 | name: deployment-nginx 13 | labels: 14 | app: deployment-nginx 15 | spec: 16 | affinity: 17 | podAntiAffinity: 18 | requiredDuringSchedulingIgnoredDuringExecution: 19 | - labelSelector: 20 | matchExpressions: 21 | - key: app 22 | operator: In 23 | values: 24 | - deployment-nginx 25 | topologyKey: "kubernetes.io/hostname" 26 | containers: 27 | - name: deployment-nginx 28 | image: nginx:latest 29 | --------------------------------------------------------------------------------
/chapter11-2/deployment-nginx-node-selector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: deployment-nginx 10 | template: 11 | metadata: 12 | name: deployment-nginx 13 | labels: 14 | app: deployment-nginx 15 | spec: 16 | nodeSelector: 17 | mylabel/disk: hdd 18 | containers: 19 | - name: deployment-nginx 20 | image: nginx:latest 21 | -------------------------------------------------------------------------------- /chapter11-2/deployment-pdb-test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-pdb-test 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webserver 10 | template: 11 | metadata: 12 | name: my-webserver 13 | labels: 14 | app: webserver 15 | spec: 16 | containers: 17 | - name: my-webserver 18 | image: alicek106/rr-test:echo-hostname 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /chapter11-2/nodeaffinity-preferred.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-nodeaffinity-preferred 5 | spec: 6 | affinity: 7 | nodeAffinity: 8 | preferredDuringSchedulingIgnoredDuringExecution: 9 | - weight: 80 # 조건을 만족하는 노드에 1~100까지의 가중치를 부여 10 | preference: 11 | matchExpressions: 12 | - key: mylabel/disk 13 | operator: In 14 | values: 15 | - ssd 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | -------------------------------------------------------------------------------- /chapter11-2/nodeaffinity-required.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: 
nginx-nodeaffinity-required 5 | spec: 6 | affinity: 7 | nodeAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | nodeSelectorTerms: 10 | - matchExpressions: 11 | - key: mylabel/disk 12 | operator: In # values의 값 중 하나만 만족하면 됩니다. 13 | values: 14 | - ssd 15 | - hdd 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | -------------------------------------------------------------------------------- /chapter11-2/nodename-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx 5 | spec: 6 | nodeName: ip-10-43-0-30.ap-northeast-2.compute.internal 7 | containers: 8 | - name: nginx 9 | image: nginx:latest 10 | -------------------------------------------------------------------------------- /chapter11-2/nodeselector-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-nodeselector 5 | spec: 6 | nodeSelector: 7 | mylabel/disk: hdd 8 | containers: 9 | - name: nginx 10 | image: nginx:latest 11 | -------------------------------------------------------------------------------- /chapter11-2/pod-antiaffinity-preferred.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-pod-antiaffinity-preferred 5 | spec: 6 | affinity: 7 | podAntiAffinity: 8 | preferredDuringSchedulingIgnoredDuringExecution: 9 | - podAffinityTerm: 10 | labelSelector: 11 | matchExpressions: 12 | - key: mylabel/database 13 | operator: In 14 | values: 15 | - mysql 16 | topologyKey: failure-domain.beta.kubernetes.io/zone 17 | weight: 80 18 | containers: 19 | - name: nginx 20 | image: nginx:latest 21 | -------------------------------------------------------------------------------- /chapter11-2/pod-antiaffinity-required.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-pod-antiaffinity 5 | spec: 6 | affinity: 7 | podAntiAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | - labelSelector: 10 | matchExpressions: 11 | - key: mylabel/database 12 | operator: In 13 | values: 14 | - mysql 15 | topologyKey: failure-domain.beta.kubernetes.io/zone 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | -------------------------------------------------------------------------------- /chapter11-2/podaffinity-hostname-topology.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-podaffinity-hostname 5 | spec: 6 | affinity: 7 | podAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | - labelSelector: 10 | matchExpressions: 11 | - key: mylabel/database 12 | operator: In 13 | values: 14 | - mysql 15 | topologyKey: kubernetes.io/hostname 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | -------------------------------------------------------------------------------- /chapter11-2/podaffinity-required.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-podaffinity 5 | spec: 6 | affinity: 7 | podAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | - labelSelector: 10 | matchExpressions: 11 | - key: mylabel/database 12 | operator: In 13 | values: 14 | - mysql 15 | topologyKey: failure-domain.beta.kubernetes.io/zone 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | -------------------------------------------------------------------------------- /chapter11-2/simple-pdb-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | 
name: simple-pdb-example
5 | spec:
6 |   maxUnavailable: 1        # Maximum number or percentage (%) of pods that may be unavailable at once
7 |   # minAvailable: 2
8 |   selector:                # Label selector that picks the pods this PDB applies to
9 |     matchLabels:
10 |       app: webserver
11 | 
--------------------------------------------------------------------------------
/chapter11-2/toleration-master.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: nginx-master-toleration
5 | spec:
6 |   tolerations:             # Tolerates the NoSchedule taint keyed node-role.kubernetes.io/master
7 |   - key: node-role.kubernetes.io/master
8 |     effect: NoSchedule
9 |     operator: Equal
10 |     value: ""
11 |   nodeSelector:            # NOTE(review): together with the toleration this puts an ordinary workload on control-plane nodes; keep that to workloads that need it
12 |     node-role.kubernetes.io/master: ""   # Lets the pod be created on master nodes as well; the selector restricts it to nodes carrying this label
13 |   containers:
14 |   - name: nginx
15 |     image: nginx:latest    # mutable tag: what runs depends on when the image is pulled; pin a version or digest for repeatable deployments
16 | 
--------------------------------------------------------------------------------
/chapter11-2/toleration-test.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: nginx-toleration-test
5 | spec:
6 |   tolerations:
7 |   - key: alicek106/my-taint
8 |     value: dirty
9 |     operator: Equal        # When the alicek106/my-taint key has the value dirty (Equal)
10 |     effect: NoSchedule     # and the taint effect is NoSchedule, this pod tolerates the taint.
11 | containers: 12 | - name: nginx 13 | image: nginx:latest 14 | -------------------------------------------------------------------------------- /chapter11-3/completed-pod-restart-never.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: completed-pod-restart-never 5 | spec: 6 | restartPolicy: Never 7 | containers: 8 | - name: completed-pod-restart-never 9 | image: busybox 10 | command: ["sh"] 11 | args: ["-c", "sleep 10 && exit 0"] 12 | -------------------------------------------------------------------------------- /chapter11-3/completed-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: completed-pod-example 5 | spec: 6 | containers: 7 | - name: completed-pod-example 8 | image: busybox 9 | command: ["sh"] 10 | args: ["-c", "sleep 10 && exit 0"] 11 | -------------------------------------------------------------------------------- /chapter11-3/deployment-history-limit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-history-limit 5 | spec: 6 | revisionHistoryLimit: 3 7 | replicas: 3 8 | selector: 9 | matchLabels: 10 | app: nginx 11 | template: 12 | metadata: 13 | name: nginx 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.17 20 | ports: 21 | - containerPort: 80 22 | -------------------------------------------------------------------------------- /chapter11-3/deployment-recreate-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-recreate 5 | spec: 6 | replicas: 3 7 | strategy: 8 | type: Recreate 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | name: nginx 15 | 
labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: nginx:1.15 21 | ports: 22 | - containerPort: 80 23 | -------------------------------------------------------------------------------- /chapter11-3/deployment-recreate-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-recreate 5 | spec: 6 | replicas: 3 7 | strategy: 8 | type: Recreate 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | name: nginx 15 | labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: nginx:1.16 21 | ports: 22 | - containerPort: 80 23 | -------------------------------------------------------------------------------- /chapter11-3/deployment-rolling-update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-rolling-update 5 | spec: 6 | replicas: 3 7 | strategy: 8 | type: RollingUpdate 9 | rollingUpdate: 10 | maxSurge: 2 11 | maxUnavailable: 2 12 | selector: 13 | matchLabels: 14 | app: nginx 15 | template: 16 | metadata: 17 | name: nginx 18 | labels: 19 | app: nginx 20 | spec: 21 | containers: 22 | - name: nginx 23 | image: nginx:1.15 24 | ports: 25 | - containerPort: 80 26 | -------------------------------------------------------------------------------- /chapter11-3/deployment-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: nginx 10 | template: 11 | metadata: 12 | name: nginx 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:1.15 19 | ports: 20 | - containerPort: 80 21 | 
-------------------------------------------------------------------------------- /chapter11-3/deployment-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: nginx 10 | template: 11 | metadata: 12 | name: nginx 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:1.16 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /chapter11-3/error-pod-restart-never.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: error-pod-restart-never 5 | spec: 6 | restartPolicy: Never 7 | containers: 8 | - name: error-pod-restart-never 9 | image: busybox 10 | command: ["sh"] 11 | args: ["-c", "sleep 10 && exit 1"] 12 | -------------------------------------------------------------------------------- /chapter11-3/init-container-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: init-container-example 5 | spec: 6 | initContainers: # 초기화 컨테이너를 이 항목에 정의합니다. 7 | - name: my-init-container 8 | image: busybox 9 | command: ["sh", "-c", "echo Hello World!"] 10 | containers: # 애플리케이션 컨테이너를 이 항목에 정의합니다. 
11 | - name: nginx 12 | image: nginx 13 | -------------------------------------------------------------------------------- /chapter11-3/init-container-usecase.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: init-container-usecase 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx 9 | initContainers: 10 | - name: wait-other-service 11 | image: busybox 12 | command: ['sh', '-c', 'until nslookup myservice; do echo waiting..; sleep 1; done;'] 13 | -------------------------------------------------------------------------------- /chapter11-3/livenessprobe-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: livenessprobe-pod 5 | spec: 6 | containers: 7 | - name: livenessprobe-pod 8 | image: nginx 9 | livenessProbe: # 이 컨테이너에 대해 livenessProbe를 정의합니다. 10 | httpGet: # HTTP 요청을 통해 애플리케이션의 상태를 검사합니다. 11 | port: 80 # <포드의 IP>:80/ 경로를 통해 헬스 체크 요청을 보냅니다. 
12 | path: / 13 | -------------------------------------------------------------------------------- /chapter11-3/minreadyseconds-v1.yaml: -------------------------------------------------------------------------------- 1 | # Reference : https://github.com/kubernetes/kubernetes/issues/51671 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: minreadyseconds-v1 6 | spec: 7 | replicas: 1 8 | minReadySeconds: 30 9 | strategy: 10 | type: RollingUpdate 11 | rollingUpdate: 12 | maxSurge: 1 13 | maxUnavailable: 0 14 | selector: 15 | matchLabels: 16 | app: minready-test 17 | template: 18 | metadata: 19 | labels: 20 | app: minready-test 21 | spec: 22 | containers: 23 | - name: minreadyseconds-v1 24 | image: alicek106/rr-test:echo-hostname 25 | --- 26 | apiVersion: v1 27 | kind: Service 28 | metadata: 29 | name: myservice 30 | spec: 31 | ports: 32 | - name: web-port 33 | port: 80 34 | targetPort: 80 35 | selector: 36 | app: minready-test 37 | type: NodePort 38 | -------------------------------------------------------------------------------- /chapter11-3/minreadyseconds-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: minreadyseconds-v1 5 | spec: 6 | replicas: 1 7 | minReadySeconds: 30 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxSurge: 1 12 | maxUnavailable: 0 13 | selector: 14 | matchLabels: 15 | app: minready-test 16 | template: 17 | metadata: 18 | labels: 19 | app: minready-test 20 | spec: 21 | containers: 22 | - name: minreadyseconds-v2 23 | image: alicek106/rr-test:echo-hostname 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: myservice 29 | spec: 30 | ports: 31 | - name: web-port 32 | port: 80 33 | targetPort: 80 34 | selector: 35 | app: minready-test 36 | type: NodePort 37 | -------------------------------------------------------------------------------- /chapter11-3/poststart-hook.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: poststart-hook 5 | spec: 6 | containers: 7 | - name: poststart-hook 8 | image: nginx 9 | lifecycle: 10 | postStart: 11 | exec: 12 | command: ["sh", "-c", "touch /myfile"] 13 | -------------------------------------------------------------------------------- /chapter11-3/prestop-hook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: prestop-hook 5 | spec: 6 | containers: 7 | - name: prestop-hook 8 | image: nginx 9 | lifecycle: 10 | preStop: 11 | exec: 12 | command: ["/usr/sbin/nginx","-s","quit"] 13 | -------------------------------------------------------------------------------- /chapter11-3/probe-options.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: probe-options-example 5 | labels: 6 | my-readinessprobe: test 7 | spec: 8 | containers: 9 | - name: probe-options-example 10 | image: nginx 11 | readinessProbe: 12 | httpGet: 13 | port: 80 14 | path: / 15 | periodSeconds: 5 16 | initialDelaySeconds: 10 17 | timeoutSeconds: 1 18 | successThreshold: 1 19 | failureThreshold: 3 20 | -------------------------------------------------------------------------------- /chapter11-3/readinessprobe-pod-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: readinessprobe-pod 5 | labels: 6 | my-readinessprobe: test 7 | spec: 8 | containers: 9 | - name: readinessprobe-pod 10 | image: nginx # Nginx 서버 컨테이너를 생성합니다. 11 | readinessProbe: # <포드의 IP>:80/ 로 상태 검사 요청을 전송합니다. 
12 | httpGet: 13 | port: 80 14 | path: / 15 | --- 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: readinessprobe-svc 20 | spec: 21 | ports: 22 | - name: nginx 23 | port: 80 24 | targetPort: 80 25 | selector: 26 | my-readinessprobe: test 27 | type: ClusterIP 28 | -------------------------------------------------------------------------------- /chapter11-3/rolling-update-example-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-rolling-update 5 | spec: 6 | replicas: 4 7 | strategy: 8 | type: RollingUpdate 9 | rollingUpdate: 10 | maxSurge: 2 11 | maxUnavailable: 1 12 | selector: 13 | matchLabels: 14 | app: nginx 15 | template: 16 | metadata: 17 | name: nginx 18 | labels: 19 | app: nginx 20 | spec: 21 | containers: 22 | - name: nginx 23 | image: nginx:1.15 24 | ports: 25 | - containerPort: 80 26 | -------------------------------------------------------------------------------- /chapter11-3/rolling-update-example-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-rolling-update 5 | spec: 6 | replicas: 4 7 | strategy: 8 | type: RollingUpdate 9 | rollingUpdate: 10 | maxSurge: 2 11 | maxUnavailable: 1 12 | selector: 13 | matchLabels: 14 | app: nginx 15 | template: 16 | metadata: 17 | name: nginx 18 | labels: 19 | app: nginx 20 | spec: 21 | containers: 22 | - name: nginx 23 | image: nginx:1.16 24 | ports: 25 | - containerPort: 80 26 | -------------------------------------------------------------------------------- /chapter11-3/termination-grace-period-seconds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: termination-grace-period-seconds 5 | spec: 6 | terminationGracePeriodSeconds: 10 7 | containers: 8 | - name: 
termination-grace-period-seconds
9 |     image: nginx
10 |     lifecycle:
11 |       preStop:             # hook command executed before the container is terminated
12 |         exec:
13 |           command: ["/usr/sbin/nginx","-s","quit"]
14 | 
--------------------------------------------------------------------------------
/chapter12/my-cr-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: k106.com/v1alpha1   # group/version served by the Alice CRD (group k106.com, version v1alpha1)
2 | kind: Alice
3 | metadata:
4 |   name: my-custom-resource
5 | spec:
6 |   myvalue: "This is my value"   # the one field the CRD schema marks as required under spec
7 | 
--------------------------------------------------------------------------------
/chapter12/my-crd-example-k8s-latest.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1
2 | kind: CustomResourceDefinition
3 | metadata:
4 |   name: alices.k106.com          # 1. Name of the CRD
5 | spec:
6 |   group: k106.com                # 2. API group of the custom resource
7 |   scope: Namespaced              # Whether the custom resource belongs to a namespace
8 |   names:
9 |     plural: alices               # 3. Name of the custom resource (plural)
10 |     singular: alice              # Name of the custom resource (singular)
11 |     kind: Alice                  # Kind of the custom resource as used in YAML files and the like
12 |     shortNames: ["ac"]           # Short name for the custom resource
13 |   versions:
14 |   - name: v1alpha1               # API version of the custom resource
15 |     served: true
16 |     storage: true
17 |     schema:
18 |       openAPIV3Schema:           # 4. Defines the custom resource's data
19 |         type: object
20 |         required: ["spec"]       # A custom resource must contain "spec"
21 |         properties:              # Defines the format of the data stored in the custom resource
22 |           spec:
23 |             required: ["myvalue"]
24 |             type: object
25 |             properties:
26 |               myvalue:
27 |                 type: "string"
28 |                 minimum: 1       # NOTE(review): `minimum` is a numeric bound and does not constrain a string; `minLength: 1` is presumably what was meant — confirm
29 | 
--------------------------------------------------------------------------------
/chapter12/my-crd-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1beta1   # v1beta1 CRDs are no longer served from Kubernetes 1.22 on; my-crd-example-k8s-latest.yaml is the v1 form
2 | kind: CustomResourceDefinition
3 | metadata:
4 |   name: alices.k106.com          # 1. Name of the CRD
5 | spec:
6 |   group: k106.com                # 2. API group of the custom resource
7 |   version: v1alpha1              # API version of the custom resource
8 |   scope: Namespaced              # Whether the custom resource belongs to a namespace
9 |   names:
10 |     plural: alices               # 3. 
Name of the custom resource (plural)
11 |     singular: alice              # Name of the custom resource (singular)
12 |     kind: Alice                  # Kind of the custom resource as used in YAML files and the like
13 |     shortNames: ["ac"]           # Short name for the custom resource
14 |   validation:
15 |     openAPIV3Schema:             # 4. Defines the custom resource's data
16 |       required: ["spec"]         # A custom resource must contain "spec".
17 |       properties:                # Defines the format of the data stored in the custom resource
18 |         spec:
19 |           required: ["myvalue"]
20 |           properties:
21 |             myvalue:
22 |               type: "string"
23 |               minimum: 1         # NOTE(review): `minimum` is a numeric bound and does not constrain a string; `minLength: 1` is presumably what was meant — confirm
24 | 
--------------------------------------------------------------------------------
/chapter13/cronjob-example-k8s-latest.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: CronJob
3 | metadata:
4 |   name: cronjob-example
5 | spec:
6 |   schedule: "*/1 * * * *"        # How often the Job runs
7 |   jobTemplate:                   # Settings (spec) of the Job to be run
8 |     spec:
9 |       template:
10 |         spec:
11 |           restartPolicy: Never
12 |           containers:
13 |           - name: cronjob-example
14 |             image: busybox       # untagged image, resolves to the mutable `latest` tag
15 |             args: ["sh", "-c", "date"]
16 | 
--------------------------------------------------------------------------------
/chapter13/cronjob-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1beta1        # batch/v1beta1 CronJob is no longer served from Kubernetes 1.25 on; cronjob-example-k8s-latest.yaml is the batch/v1 form
2 | kind: CronJob
3 | metadata:
4 |   name: cronjob-example
5 | spec:
6 |   schedule: "*/1 * * * *"        # How often the Job runs
7 |   jobTemplate:                   # Settings (spec) of the Job to be run
8 |     spec:
9 |       template:
10 |         spec:
11 |           restartPolicy: Never
12 |           containers:
13 |           - name: cronjob-example
14 |             image: busybox
15 |             args: ["sh", "-c", "date"]
16 | 
--------------------------------------------------------------------------------
/chapter13/daemonset-example.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: DaemonSet                  # [1]
3 | metadata:
4 |   name: daemonset-example
5 | spec:
6 |   selector:
7 |     matchLabels:
8 |       name: my-daemonset-example # [2.1] Selector used for creating the pods
9 |   template:
10 |     metadata:                    # [2.2] Pod label settings
11 |       labels:
12 |         name: my-daemonset-example
13 |     spec:
14 | 
tolerations: # [3] 마스터 노드에도 포드를 생성 15 | - key: node-role.kubernetes.io/master 16 | effect: NoSchedule 17 | containers: 18 | - name: daemonset-example 19 | image: busybox # 테스트를 위해 busybox 이미지 사용 20 | args: ["tail", "-f", "/dev/null"] 21 | resources: # [4] 자원 할당량을 제한 22 | limits: 23 | cpu: 100m 24 | memory: 200Mi 25 | -------------------------------------------------------------------------------- /chapter13/job-comple-parallel.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: job-comple-parallel 5 | spec: 6 | completions: 8 7 | parallelism: 2 8 | template: 9 | spec: 10 | restartPolicy: Never 11 | containers: 12 | - image: busybox 13 | args: ["sh", "-c", "echo Hello, World && exit 0"] 14 | name: job-comple-parallel 15 | -------------------------------------------------------------------------------- /chapter13/job-completions.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: job-completions 5 | spec: 6 | completions: 3 7 | template: 8 | spec: 9 | restartPolicy: Never 10 | containers: 11 | - image: busybox 12 | args: ["sh", "-c", "echo Hello, World && exit 0"] 13 | name: job-completions 14 | -------------------------------------------------------------------------------- /chapter13/job-hello-world.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: job-hello-world 5 | spec: 6 | template: 7 | spec: 8 | restartPolicy: Never 9 | containers: 10 | - image: busybox 11 | args: ["sh", "-c", "echo Hello, World && exit 0"] 12 | name: job-hello-world 13 | -------------------------------------------------------------------------------- /chapter13/job-parallelism.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 
3 | metadata: 4 | name: job-parallelism 5 | spec: 6 | parallelism: 3 7 | template: 8 | spec: 9 | restartPolicy: Never 10 | containers: 11 | - image: busybox 12 | args: ["sh", "-c", "echo Hello, World && exit 0"] 13 | name: job-parallelism 14 | -------------------------------------------------------------------------------- /chapter13/statefulset-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: statefulset-example 5 | spec: 6 | serviceName: statefulset-service 7 | selector: 8 | matchLabels: 9 | name: statefulset-example 10 | replicas: 3 11 | template: 12 | metadata: 13 | labels: 14 | name: statefulset-example 15 | spec: 16 | containers: 17 | - name: statefulset-example 18 | image: alicek106/rr-test:echo-hostname 19 | ports: 20 | - containerPort: 80 21 | name: web 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: statefulset-service 27 | spec: 28 | ports: 29 | - port: 80 30 | name: web 31 | clusterIP: None 32 | selector: 33 | name: statefulset-example 34 | 35 | -------------------------------------------------------------------------------- /chapter13/statefulset-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: statefulset-volume 5 | spec: 6 | serviceName: statefulset-volume-service 7 | selector: 8 | matchLabels: 9 | name: statefulset-volume-example 10 | replicas: 3 11 | template: 12 | metadata: 13 | labels: 14 | name: statefulset-volume-example 15 | spec: 16 | containers: 17 | - name: statefulset-volume-example 18 | image: alicek106/rr-test:echo-hostname 19 | ports: 20 | - containerPort: 80 21 | name: web 22 | volumeMounts: 23 | - name: webserver-files 24 | mountPath: /var/www/html/ 25 | volumeClaimTemplates: 26 | - metadata: 27 | name: webserver-files 28 | spec: 29 | accessModes: ["ReadWriteOnce"] 30 | 
storageClassName: generic
31 |       resources:
32 |         requests:
33 |           storage: 1Gi
34 | ---
35 | apiVersion: v1
36 | kind: Service
37 | metadata:
38 |   name: statefulset-volume-service
39 | spec:
40 |   ports:
41 |     - port: 80
42 |       name: web
43 |   clusterIP: None                # headless Service: no cluster IP is allocated
44 |   selector:
45 |     name: statefulset-volume-example
46 | 
--------------------------------------------------------------------------------
/chapter14/components.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 |   name: system:aggregated-metrics-reader
6 |   labels:                        # aggregation labels: these rules are merged into the built-in view, edit and admin ClusterRoles
7 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
8 |     rbac.authorization.k8s.io/aggregate-to-edit: "true"
9 |     rbac.authorization.k8s.io/aggregate-to-admin: "true"
10 | rules:
11 |   - apiGroups: ["metrics.k8s.io"]
12 |     resources: ["pods", "nodes"]
13 |     verbs: ["get", "list", "watch"]   # read-only access to pod and node metrics
14 | ---
15 | apiVersion: rbac.authorization.k8s.io/v1
16 | kind: ClusterRoleBinding
17 | metadata:
18 |   name: metrics-server:system:auth-delegator
19 | roleRef:
20 |   apiGroup: rbac.authorization.k8s.io
21 |   kind: ClusterRole
22 |   name: system:auth-delegator    # built-in role that lets an extension API server delegate authentication and authorization checks to the main API server
23 | subjects:
24 |   - kind: ServiceAccount
25 |     name: metrics-server
26 |     namespace: kube-system
27 | ---
28 | apiVersion: rbac.authorization.k8s.io/v1
29 | kind: RoleBinding
30 | metadata:
31 |   name: metrics-server-auth-reader
32 |   namespace: kube-system
33 | roleRef:
34 |   apiGroup: rbac.authorization.k8s.io
35 |   kind: Role
36 |   name: extension-apiserver-authentication-reader   # namespaced Role in kube-system; bound here to the metrics-server ServiceAccount only
37 | subjects:
38 |   - kind: ServiceAccount
39 |     name: metrics-server
40 |     namespace: kube-system
41 | ---
42 | apiVersion: apiregistration.k8s.io/v1beta1   # this API version is no longer served from Kubernetes 1.22 on; newer clusters need apiregistration.k8s.io/v1
43 | kind: APIService
44 | metadata:
45 |   name: v1beta1.metrics.k8s.io
46 | spec:
47 |   service:                       # requests for metrics.k8s.io/v1beta1 are proxied to this Service
48 |     name: metrics-server
49 |     namespace: kube-system
50 |   group: metrics.k8s.io
51 |   version: v1beta1
52 |   insecureSkipTLSVerify: true    # the API server does not verify metrics-server's serving certificate; supplying `caBundle` instead restores verification
53 |   groupPriorityMinimum: 100
54 | 
versionPriority: 100
55 | ---
56 | apiVersion: v1
57 | kind: ServiceAccount
58 | metadata:
59 |   name: metrics-server
60 |   namespace: kube-system
61 | ---
62 | apiVersion: apps/v1
63 | kind: Deployment
64 | metadata:
65 |   name: metrics-server
66 |   namespace: kube-system
67 |   labels:
68 |     k8s-app: metrics-server
69 | spec:
70 |   selector:
71 |     matchLabels:
72 |       k8s-app: metrics-server
73 |   template:
74 |     metadata:
75 |       name: metrics-server
76 |       labels:
77 |         k8s-app: metrics-server
78 |     spec:
79 |       serviceAccountName: metrics-server   # the identity the RBAC bindings in this file refer to
80 |       volumes:
81 |       # mount in tmp so we can safely use from-scratch images and/or read-only containers
82 |       - name: tmp-dir
83 |         emptyDir: {}
84 |       containers:
85 |       - name: metrics-server
86 |         image: k8s.gcr.io/metrics-server/metrics-server:v0.3.7
87 |         imagePullPolicy: IfNotPresent
88 |         args:
89 |           - --cert-dir=/tmp                # certificate directory on the writable emptyDir, since the root filesystem is read-only
90 |           - --secure-port=4443
91 |           - --kubelet-insecure-tls         # kubelet serving certificates are not verified when scraping; suited to test clusters only, otherwise give kubelets CA-signed serving certs and drop this flag
92 |         ports:
93 |         - name: main-port
94 |           containerPort: 4443
95 |           protocol: TCP
96 |         securityContext:
97 |           readOnlyRootFilesystem: true     # only the /tmp mount below is writable
98 |           runAsNonRoot: true
99 |           runAsUser: 1000
100 |         volumeMounts:
101 |         - name: tmp-dir
102 |           mountPath: /tmp
103 |       nodeSelector:
104 |         kubernetes.io/os: linux
105 | ---
106 | apiVersion: v1
107 | kind: Service
108 | metadata:
109 |   name: metrics-server
110 |   namespace: kube-system
111 |   labels:
112 |     kubernetes.io/name: "Metrics-server"
113 |     kubernetes.io/cluster-service: "true"
114 | spec:
115 |   selector:
116 |     k8s-app: metrics-server
117 |   ports:
118 |   - port: 443
119 |     protocol: TCP
120 |     targetPort: main-port                  # named container port, i.e. 4443 in the Deployment above
121 | ---
122 | apiVersion: rbac.authorization.k8s.io/v1
123 | kind: ClusterRole
124 | metadata:
125 |   name: system:metrics-server
126 | rules:
127 | - apiGroups:
128 |   - ""
129 |   resources:                               # cluster-wide read access; note it includes configmaps in every namespace
130 |   - pods
131 |   - nodes
132 |   - nodes/stats
133 |   - namespaces
134 |   - configmaps
135 |   verbs:
136 |   - get
137 |   - list
138 |   - watch
139 | ---
140 | apiVersion: rbac.authorization.k8s.io/v1
141 | kind: ClusterRoleBinding
142 | metadata:
143 | 
name: system:metrics-server
144 | roleRef:
145 |   apiGroup: rbac.authorization.k8s.io
146 |   kind: ClusterRole
147 |   name: system:metrics-server
148 | subjects:                        # only the metrics-server ServiceAccount in kube-system receives the role
149 | - kind: ServiceAccount
150 |   name: metrics-server
151 |   namespace: kube-system
152 | 
--------------------------------------------------------------------------------
/chapter14/grafana.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: grafana
5 |   namespace: default
6 | spec:
7 |   selector:
8 |     matchLabels:
9 |       app: grafana
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: grafana
14 |     spec:
15 |       containers:
16 |       - image: grafana/grafana:7.0.0   # no admin credentials are configured in this manifest, so Grafana starts with its built-in default admin login; change it before exposing the Service
17 |         name: grafana                  # no securityContext or resource limits are set for this container
18 | ---
19 | apiVersion: v1
20 | kind: Service
21 | metadata:
22 |   name: grafana
23 |   namespace: default
24 | spec:                            # no `type` given, so the Service is ClusterIP (reachable inside the cluster only)
25 |   ports:
26 |   - name: http
27 |     port: 3000
28 |     targetPort: 3000
29 |   selector:
30 |     app: grafana
31 | 
--------------------------------------------------------------------------------
/chapter14/kube-state-metrics-serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: monitoring.coreos.com/v1
2 | kind: ServiceMonitor
3 | metadata:
4 |   name: kube-state-metrics
5 |   namespace: monitoring
6 | spec:
7 |   jobLabel: app.kubernetes.io/name
8 |   selector:                      # Services carrying this label are scraped
9 |     matchLabels:
10 |       app.kubernetes.io/name: kube-state-metrics
11 |   namespaceSelector:             # Services are looked up in kube-system only
12 |     matchNames:
13 |     - kube-system
14 |   endpoints:
15 |   - port: http-metrics
16 |     interval: 15s
17 | 
--------------------------------------------------------------------------------
/chapter14/kubelet-serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: monitoring.coreos.com/v1
2 | kind: ServiceMonitor
3 | metadata:
4 |   name: kubelet
5 |   namespace: monitoring
6 |   labels:
7 |     app: monitoring
8 |     monitoring: kubelet-monitor
9 | spec:
10 |   endpoints:
11 |   - 
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
12 |     honorLabels: true            # labels already on the scraped metrics win over the ones Prometheus would attach
13 |     interval: 15s
14 |     port: https-metrics
15 |     scheme: https
16 |     tlsConfig:
17 |       insecureSkipVerify: true   # kubelet certificate is not verified, so the ServiceAccount token above is presented to an unauthenticated endpoint; configuring the cluster CA restores verification
18 |   - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
19 |     honorLabels: true
20 |     interval: 15s
21 |     relabelings:                 # rewrites the job label to kubernetes-cadvisor for this endpoint
22 |     - sourceLabels: [job]
23 |       action: replace
24 |       replacement: kubernetes-cadvisor
25 |       targetLabel: job
26 |     metricRelabelings:           # drops the container_* series named in the regex below
27 |     - action: drop
28 |       regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
29 |       sourceLabels:
30 |       - __name__
31 |     path: /metrics/cadvisor
32 |     port: https-metrics
33 |     scheme: https
34 |     tlsConfig:
35 |       insecureSkipVerify: true   # same caveat as the first endpoint: the token is sent without verifying the peer
36 |   jobLabel: k8s-app
37 |   namespaceSelector:
38 |     matchNames:
39 |     - kube-system
40 |   selector:
41 |     matchLabels:
42 |       k8s-app: kubelet
43 | 
--------------------------------------------------------------------------------
/chapter14/node-exporter-serviceMonitor.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: monitoring.coreos.com/v1
2 | kind: ServiceMonitor
3 | metadata:
4 |   labels:
5 |     app.kubernetes.io/name: node-exporter
6 |     app.kubernetes.io/version: v0.18.1
7 |   name: node-exporter
8 |   namespace: monitoring
9 | spec:
10 |   endpoints:
11 |   - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token   # NOTE(review): with `scheme: http` below this token would travel unencrypted; the node-exporter manifest on this page configures no authentication, so the token looks unnecessary — confirm and remove
12 |     interval: 15s
13 |     port: https                  # port *name* only; the scheme actually used is set below
14 |     relabelings:                 # copies the pod's node name into the `instance` label
15 |     - action: replace
16 |       regex: (.*)
17 |       replacement: $1
18 |       sourceLabels:
19 |       - __meta_kubernetes_pod_node_name
20 |       targetLabel: instance
21 |     scheme: http
22 |     tlsConfig:                   # presumably without effect while the scheme is http
23 |       insecureSkipVerify: true
24 |   jobLabel: app.kubernetes.io/name
25 |   selector:
26 |     matchLabels:
27 |       app.kubernetes.io/name: node-exporter
28 | 
--------------------------------------------------------------------------------
/chapter14/node-exporter/monitoring-namespace.yaml:
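--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: monitoring
5 | 
--------------------------------------------------------------------------------
/chapter14/node-exporter/node-exporter-daemonset.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: DaemonSet
3 | metadata:
4 |   labels:
5 |     app.kubernetes.io/name: node-exporter
6 |     app.kubernetes.io/version: v0.18.1
7 |   name: node-exporter
8 |   namespace: monitoring
9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       app.kubernetes.io/name: node-exporter
13 |   template:
14 |     metadata:
15 |       labels:
16 |         app.kubernetes.io/name: node-exporter
17 |         app.kubernetes.io/version: v0.18.1
18 |     spec:
19 |       containers:
20 |       - args:
21 |         - --web.listen-address=0.0.0.0:9100   # with hostNetwork below this binds port 9100 on every interface of the node; nothing here adds TLS or authentication, so restrict the port at the network level
22 |         - --path.procfs=/host/proc
23 |         - --path.sysfs=/host/sys
24 |         - --path.rootfs=/host/root
25 |         - --no-collector.wifi
26 |         - --no-collector.hwmon
27 |         - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
28 |         image: quay.io/prometheus/node-exporter:v0.18.1
29 |         name: node-exporter
30 |         resources:
31 |           limits:
32 |             cpu: 250m
33 |             memory: 180Mi
34 |           requests:
35 |             cpu: 100m
36 |             memory: 180Mi
37 |         volumeMounts:
38 |         - mountPath: /host/proc
39 |           name: proc
40 |           readOnly: true         # was false: the exporter only reads host procfs, so the mount is made read-only
41 |         - mountPath: /host/sys
42 |           name: sys
43 |           readOnly: true         # was false: same least-privilege change for host sysfs
44 |         - mountPath: /host/root
45 |           mountPropagation: HostToContainer
46 |           name: root
47 |           readOnly: true         # the whole host filesystem is visible to the container, read-only
48 |       hostNetwork: true          # pod uses the node's network namespace
49 |       hostPID: true              # pod shares the node's PID namespace
50 |       nodeSelector:
51 |         kubernetes.io/os: linux
52 |       securityContext:
53 |         runAsNonRoot: true
54 |         runAsUser: 65534         # runs unprivileged, which limits what the host mounts expose to file permissions
55 |       serviceAccountName: node-exporter
56 |       tolerations:               # `operator: Exists` with no key tolerates every taint, so the pod is scheduled on all nodes
57 |       - operator: Exists
58 |       volumes:                   # hostPath volumes: host /proc, /sys and / are handed to the pod
59 |       - hostPath:
60 |           path: /proc
61 |         name: proc
62 |       - hostPath:
63 |           path: /sys
64 |         name: sys
65 |       - hostPath:
66 |           path: /
67 |         name: root
68 | 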
--------------------------------------------------------------------------------
/chapter14/node-exporter/node-exporter-service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   labels:
5 |     app.kubernetes.io/name: node-exporter
6 |     app.kubernetes.io/version: v0.18.1
7 |   name: node-exporter
8 |   namespace: monitoring
9 | spec:
10 |   clusterIP: None                # headless Service: no cluster IP is allocated
11 |   ports:
12 |   - name: https                  # NOTE(review): only a port name; the node-exporter ServiceMonitor on this page scrapes it with `scheme: http` — confirm whether TLS was intended
13 |     port: 9100
14 |     targetPort: 9100
15 |   selector:
16 |     app.kubernetes.io/name: node-exporter
17 | 
--------------------------------------------------------------------------------
/chapter14/node-exporter/node-exporter-serviceAccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount             # identity for the node-exporter pods; no Role is bound to it in this file
3 | metadata:
4 |   name: node-exporter
5 |   namespace: monitoring
6 | 
--------------------------------------------------------------------------------
/chapter14/prometheus-clusterRole.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRole
3 | metadata:
4 |   name: prometheus-k8s
5 | rules:
6 | - apiGroups:
7 |   - ""
8 |   resources:
9 |   - nodes/metrics                # read access to the kubelet metrics subresource of nodes
10 |   verbs:
11 |   - get
12 | - nonResourceURLs:               # plain URL path rather than an API resource
13 |   - /metrics
14 |   verbs:
15 |   - get
16 | - apiGroups:
17 |   - ""
18 |   resources:                     # cluster-wide read access used for discovering scrape targets; no secrets or write verbs are granted
19 |   - pods
20 |   - services
21 |   - endpoints
22 |   verbs:
23 |   - get
24 |   - list
25 |   - watch
26 | 
27 | 
--------------------------------------------------------------------------------
/chapter14/prometheus-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: rbac.authorization.k8s.io/v1
2 | kind: ClusterRoleBinding
3 | metadata:
4 |   name: prometheus-k8s
5 | roleRef:
6 |   apiGroup: rbac.authorization.k8s.io
7 |   kind: ClusterRole
8 |   name: prometheus-k8s
9 | subjects:
10 | - kind: ServiceAccount
11 |   name: 
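prometheus-k8s 12 | namespace: default 13 | 
--------------------------------------------------------------------------------
/chapter14/prometheus-sa-configured.yaml:
--------------------------------------------------------------------------------
# Prometheus custom resource (monitoring.coreos.com/v1) running under the
# prometheus-k8s ServiceAccount.
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: prometheus
  namespace: default
spec:
  replicas: 1
  # Empty selectors ({}) match everything: ServiceMonitors from all namespaces are
  # picked up, so anyone allowed to create a ServiceMonitor anywhere in the
  # cluster can add scrape targets to this instance. Narrow both selectors with
  # labels where that is not intended.
  serviceMonitorNamespaceSelector: {}
  serviceMonitorSelector: {}
  serviceAccountName: prometheus-k8s

--------------------------------------------------------------------------------
/chapter14/prometheus-serviceAccount.yaml:
--------------------------------------------------------------------------------
# ServiceAccount named as the subject of the prometheus-k8s ClusterRoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-k8s
  namespace: default

--------------------------------------------------------------------------------
/chapter14/prometheus-simple.yaml:
--------------------------------------------------------------------------------
# Same Prometheus resource without serviceAccountName.
# NOTE(review): presumably the pod then runs under the namespace's default
# ServiceAccount, which the RBAC objects in this chapter do not cover — confirm.
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: prometheus
  namespace: default
spec:
  replicas: 1
  # Empty selectors match ServiceMonitors in every namespace.
  serviceMonitorNamespaceSelector: {}
  serviceMonitorSelector: {}

--------------------------------------------------------------------------------
/chapter2/fluentd_mongo/Dockerfile:
--------------------------------------------------------------------------------
# fluentd image with the MongoDB output plugin added.
# NOTE(review): the base image is pinned by tag only and the plugin version is not
# pinned, so rebuilds can pull different code; pin both for reproducible builds.
FROM fluent/fluentd:v1.12
LABEL maintainer=alice_k106@naver.com
# Root is needed only for the package and gem installation below.
USER root

# The compiler toolchain is needed only to build the gem's native extensions.
# Installing it as a virtual package and deleting it in the same layer keeps
# gcc/make out of the runtime image; --no-cache avoids storing the apk index.
RUN apk add --no-cache --virtual .build-deps musl-dev gcc make ruby-dev && \
    fluent-gem install fluent-plugin-mongo && \
    apk del .build-deps

# NOTE(review): the fluent.conf shipped with this image uses a forward input with
# no explicit port, and fluentd's default forward port is 24224 — 24284 looks
# like a typo. EXPOSE is documentation only, so confirm and correct.
EXPOSE 24284
# Drop back to the unprivileged user for runtime.
USER fluent
CMD exec fluentd -c /fluentd/etc/$FLUENTD_CONF -p /fluentd/plugins $FLUENTD_OPT
-------------------------------------------------------------------------------- /chapter2/fluentd_mongo/fluent.conf: -------------------------------------------------------------------------------- 1 | 2 | @type forward 3 | 4 | 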
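5 | 6 | @type mongo 7 | database nginx 8 | collection access 9 | host 163.180.117.42 10 | port 27017 11 | flush_interval 10s 12 | 13 | 14 | 
# NOTE(review): the enclosing fluentd section tags for the two blocks above (the
# forward input and the mongo output) appear to have been lost in extraction;
# confirm against the repository. The mongo output targets a hard-coded address
# and sets no credentials or TLS options, so log records would be sent to that
# host unauthenticated and, presumably, unencrypted.
--------------------------------------------------------------------------------
/chapter2/fluentd_mongo/log/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alicek106/start-docker-kubernetes/7b79350a86e0daea4dea7178d0de4e67c27824a2/chapter2/fluentd_mongo/log/.keep
--------------------------------------------------------------------------------
/chapter2/fluentd_mongo/plugins/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alicek106/start-docker-kubernetes/7b79350a86e0daea4dea7178d0de4e67c27824a2/chapter2/fluentd_mongo/plugins/.keep
--------------------------------------------------------------------------------
/chapter2/nginx/nginx.conf:
--------------------------------------------------------------------------------
# TLS-terminating reverse proxy in front of a Docker registry, with HTTP basic
# authentication on the registry API path.
upstream docker-registry {
  # Traffic from nginx to the registry is plain HTTP; it should stay on a
  # private network between the two containers.
  server registry:5000;
}
server {
  # TLS is enabled on the listen directive. The standalone "ssl on;" directive
  # this replaces is obsolete and is rejected by current nginx releases.
  listen 443 ssl;
  # ${DOCKER_HOST_IP} is a placeholder; presumably it is substituted before
  # nginx loads this file.
  server_name ${DOCKER_HOST_IP};
  ssl_certificate /etc/nginx/conf.d/domain.crt;
  # Private key: keep it readable only by the nginx user and out of image layers.
  ssl_certificate_key /etc/nginx/conf.d/domain.key;
  # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults of the
  # nginx build apply; set them explicitly if old protocol versions must be off.

  # 0 disables the request body size limit, so uploads are unbounded.
  client_max_body_size 0;
  chunked_transfer_encoding on;

  location /v2/ {
    # Return 404 to the old Docker client versions and Go user agents matched here.
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
      return 404;
    }
    # Basic auth is the only access control in this file; the htpasswd file
    # should hold strong password hashes and not be world-readable.
    auth_basic "registry.localhost";
    auth_basic_user_file /etc/nginx/conf.d/htpasswd;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

    proxy_pass http://docker-registry;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;
  }
}
--------------------------------------------------------------------------------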
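/chapter3/nfs-server/Dockerfile:
--------------------------------------------------------------------------------
# Image that runs a kernel NFS server and exports /home/nfs_server.
# NOTE(review): ubuntu:14.04 no longer receives standard security updates; the
# image is suitable as a lab example only unless the base is moved forward.
FROM ubuntu:14.04
LABEL maintainer=alice_k106@naver.com
RUN apt-get update && apt-get install -y nfs-common \
    nfs-kernel-server \
    rpcbind && \
    rm -rf /var/lib/apt/lists/*
# The export directory is world-writable (777) and /etc/exports offers it
# read-write to every client, so any host that can reach the server can write
# here. Tighten both outside a lab.
RUN mkdir /home/nfs_server && chmod 777 /home/nfs_server
# The defaults file is read from /etc/default/, not /etc/defaults/. With the
# original destination the settings in nfs-kernel-server (including the fixed
# rpc.mountd port) were never applied.
COPY nfs-kernel-server /etc/default/nfs-kernel-server
# NOTE(review): lockd is a kernel module, so these port options presumably have
# to be set on the Docker host to take effect — confirm.
COPY options /etc/modprobe.d/options
COPY services /etc/services
COPY exports_example /etc/exports
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
--------------------------------------------------------------------------------
/chapter3/nfs-server/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Start rpcbind, then the NFS server, then stay in the foreground with a shell.
# NOTE(review): an in-container kernel NFS server presumably needs elevated
# container privileges to start; grant only what is required.
sudo /etc/init.d/rpcbind restart
sudo /etc/init.d/nfs-kernel-server restart
# The shell keeps the container alive; without an interactive terminal it would
# presumably exit immediately and stop the container.
/bin/bash
--------------------------------------------------------------------------------
/chapter3/nfs-server/exports_example:
--------------------------------------------------------------------------------
# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
# "*" exports the directory read-write to any client that can reach the server;
# this is the only access control for the share. Outside a lab, replace "*" with
# the client network, e.g. (constructed example):
#   /home/nfs_server 10.0.0.0/24(rw,sync,fsid=0,no_subtree_check)
/home/nfs_server *(rw,sync,fsid=0)
-------------------------------------------------------------------------------- /chapter3/nfs-server/nfs-kernel-server: -------------------------------------------------------------------------------- 1 | # Number of servers to start up 2 | RPCNFSDCOUNT=8 3 | 4 | # Runtime priority of server (see nice(1)) 5 | RPCNFSDPRIORITY=0 6 | 7 | # Options for rpc.mountd. 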
8 | # If you have a port-based firewall, you might want to set up 9 | # a fixed port here using the --port option. For more information, 10 | # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS 11 | # To disable NFSv4 on the server, specify '--no-nfs-version 4' here 12 | # RPCMOUNTDOPTS="--manage-gids" 13 | RPCMOUNTDOPTS="-p 4002 -g" 14 | 15 | # Do you want to start the svcgssd daemon? It is only required for Kerberos 16 | # exports. Valid alternatives are "yes" and "no"; the default is "no". 17 | NEED_SVCGSSD="" 18 | 19 | # Options for rpc.svcgssd. 20 | RPCSVCGSSDOPTS="" 21 | 22 | # Options for rpc.nfsd. 23 | RPCNFSDOPTS="" 24 | -------------------------------------------------------------------------------- /chapter3/nfs-server/options: -------------------------------------------------------------------------------- 1 | options lockd nlm_udpport=4001 nlm_tcpport=4001 2 | -------------------------------------------------------------------------------- /chapter3/nfs-server/services: -------------------------------------------------------------------------------- 1 | # Network services, Internet style 2 | # 3 | # Note that it is presently the policy of IANA to assign a single well-known 4 | # port number for both TCP and UDP; hence, officially ports have two entries 5 | # even if the protocol doesn't support UDP operations. 6 | # 7 | # Updated from http://www.iana.org/assignments/port-numbers and other 8 | # sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services . 9 | # New ports will be added on request if they have been officially assigned 10 | # by IANA and used in the real-world or are needed by a debian package. 11 | # If you need a huge list of used numbers please install the nmap package. 
12 | 13 | tcpmux 1/tcp # TCP port service multiplexer 14 | echo 7/tcp 15 | echo 7/udp 16 | discard 9/tcp sink null 17 | discard 9/udp sink null 18 | systat 11/tcp users 19 | daytime 13/tcp 20 | daytime 13/udp 21 | netstat 15/tcp 22 | qotd 17/tcp quote 23 | msp 18/tcp # message send protocol 24 | msp 18/udp 25 | chargen 19/tcp ttytst source 26 | chargen 19/udp ttytst source 27 | ftp-data 20/tcp 28 | ftp 21/tcp 29 | fsp 21/udp fspd 30 | ssh 22/tcp # SSH Remote Login Protocol 31 | ssh 22/udp 32 | telnet 23/tcp 33 | smtp 25/tcp mail 34 | time 37/tcp timserver 35 | time 37/udp timserver 36 | rlp 39/udp resource # resource location 37 | nameserver 42/tcp name # IEN 116 38 | whois 43/tcp nicname 39 | tacacs 49/tcp # Login Host Protocol (TACACS) 40 | tacacs 49/udp 41 | re-mail-ck 50/tcp # Remote Mail Checking Protocol 42 | re-mail-ck 50/udp 43 | domain 53/tcp # Domain Name Server 44 | domain 53/udp 45 | mtp 57/tcp # deprecated 46 | tacacs-ds 65/tcp # TACACS-Database Service 47 | tacacs-ds 65/udp 48 | bootps 67/tcp # BOOTP server 49 | bootps 67/udp 50 | bootpc 68/tcp # BOOTP client 51 | bootpc 68/udp 52 | tftp 69/udp 53 | gopher 70/tcp # Internet Gopher 54 | gopher 70/udp 55 | rje 77/tcp netrjs 56 | finger 79/tcp 57 | http 80/tcp www # WorldWideWeb HTTP 58 | http 80/udp # HyperText Transfer Protocol 59 | link 87/tcp ttylink 60 | kerberos 88/tcp kerberos5 krb5 kerberos-sec # Kerberos v5 61 | kerberos 88/udp kerberos5 krb5 kerberos-sec # Kerberos v5 62 | supdup 95/tcp 63 | hostnames 101/tcp hostname # usually from sri-nic 64 | iso-tsap 102/tcp tsap # part of ISODE 65 | acr-nema 104/tcp dicom # Digital Imag. & Comm. 
300 66 | acr-nema 104/udp dicom 67 | csnet-ns 105/tcp cso-ns # also used by CSO name server 68 | csnet-ns 105/udp cso-ns 69 | rtelnet 107/tcp # Remote Telnet 70 | rtelnet 107/udp 71 | pop2 109/tcp postoffice pop-2 # POP version 2 72 | pop2 109/udp pop-2 73 | pop3 110/tcp pop-3 # POP version 3 74 | pop3 110/udp pop-3 75 | sunrpc 111/tcp portmapper # RPC 4.0 portmapper 76 | sunrpc 111/udp portmapper 77 | auth 113/tcp authentication tap ident 78 | sftp 115/tcp 79 | uucp-path 117/tcp 80 | nntp 119/tcp readnews untp # USENET News Transfer Protocol 81 | ntp 123/tcp 82 | ntp 123/udp # Network Time Protocol 83 | pwdgen 129/tcp # PWDGEN service 84 | pwdgen 129/udp 85 | loc-srv 135/tcp epmap # Location Service 86 | loc-srv 135/udp epmap 87 | netbios-ns 137/tcp # NETBIOS Name Service 88 | netbios-ns 137/udp 89 | netbios-dgm 138/tcp # NETBIOS Datagram Service 90 | netbios-dgm 138/udp 91 | netbios-ssn 139/tcp # NETBIOS session service 92 | netbios-ssn 139/udp 93 | imap2 143/tcp imap # Interim Mail Access P 2 and 4 94 | imap2 143/udp imap 95 | snmp 161/tcp # Simple Net Mgmt Protocol 96 | snmp 161/udp 97 | snmp-trap 162/tcp snmptrap # Traps for SNMP 98 | snmp-trap 162/udp snmptrap 99 | cmip-man 163/tcp # ISO mgmt over IP (CMOT) 100 | cmip-man 163/udp 101 | cmip-agent 164/tcp 102 | cmip-agent 164/udp 103 | mailq 174/tcp # Mailer transport queue for Zmailer 104 | mailq 174/udp 105 | xdmcp 177/tcp # X Display Mgr. 
Control Proto 106 | xdmcp 177/udp 107 | nextstep 178/tcp NeXTStep NextStep # NeXTStep window 108 | nextstep 178/udp NeXTStep NextStep # server 109 | bgp 179/tcp # Border Gateway Protocol 110 | bgp 179/udp 111 | prospero 191/tcp # Cliff Neuman's Prospero 112 | prospero 191/udp 113 | irc 194/tcp # Internet Relay Chat 114 | irc 194/udp 115 | smux 199/tcp # SNMP Unix Multiplexer 116 | smux 199/udp 117 | at-rtmp 201/tcp # AppleTalk routing 118 | at-rtmp 201/udp 119 | at-nbp 202/tcp # AppleTalk name binding 120 | at-nbp 202/udp 121 | at-echo 204/tcp # AppleTalk echo 122 | at-echo 204/udp 123 | at-zis 206/tcp # AppleTalk zone information 124 | at-zis 206/udp 125 | qmtp 209/tcp # Quick Mail Transfer Protocol 126 | qmtp 209/udp 127 | z3950 210/tcp wais # NISO Z39.50 database 128 | z3950 210/udp wais 129 | ipx 213/tcp # IPX 130 | ipx 213/udp 131 | imap3 220/tcp # Interactive Mail Access 132 | imap3 220/udp # Protocol v3 133 | pawserv 345/tcp # Perf Analysis Workbench 134 | pawserv 345/udp 135 | zserv 346/tcp # Zebra server 136 | zserv 346/udp 137 | fatserv 347/tcp # Fatmen Server 138 | fatserv 347/udp 139 | rpc2portmap 369/tcp 140 | rpc2portmap 369/udp # Coda portmapper 141 | codaauth2 370/tcp 142 | codaauth2 370/udp # Coda authentication server 143 | clearcase 371/tcp Clearcase 144 | clearcase 371/udp Clearcase 145 | ulistserv 372/tcp # UNIX Listserv 146 | ulistserv 372/udp 147 | ldap 389/tcp # Lightweight Directory Access Protocol 148 | ldap 389/udp 149 | imsp 406/tcp # Interactive Mail Support Protocol 150 | imsp 406/udp 151 | svrloc 427/tcp # Server Location 152 | svrloc 427/udp 153 | https 443/tcp # http protocol over TLS/SSL 154 | https 443/udp 155 | snpp 444/tcp # Simple Network Paging Protocol 156 | snpp 444/udp 157 | microsoft-ds 445/tcp # Microsoft Naked CIFS 158 | microsoft-ds 445/udp 159 | kpasswd 464/tcp 160 | kpasswd 464/udp 161 | urd 465/tcp ssmtp smtps # URL Rendesvous Directory for SSM 162 | saft 487/tcp # Simple Asynchronous File Transfer 163 | saft 487/udp 
164 | isakmp 500/tcp # IPsec - Internet Security Association 165 | isakmp 500/udp # and Key Management Protocol 166 | rtsp 554/tcp # Real Time Stream Control Protocol 167 | rtsp 554/udp 168 | nqs 607/tcp # Network Queuing system 169 | nqs 607/udp 170 | npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS 171 | npmp-local 610/udp dqs313_qmaster 172 | npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS 173 | npmp-gui 611/udp dqs313_execd 174 | hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS 175 | hmmp-ind 612/udp dqs313_intercell 176 | asf-rmcp 623/udp # ASF Remote Management and Control Protocol 177 | qmqp 628/tcp 178 | qmqp 628/udp 179 | ipp 631/tcp # Internet Printing Protocol 180 | ipp 631/udp 181 | # 182 | # UNIX specific services 183 | # 184 | exec 512/tcp 185 | biff 512/udp comsat 186 | login 513/tcp 187 | who 513/udp whod 188 | shell 514/tcp cmd # no passwords used 189 | syslog 514/udp 190 | printer 515/tcp spooler # line printer spooler 191 | talk 517/udp 192 | ntalk 518/udp 193 | route 520/udp router routed # RIP 194 | timed 525/udp timeserver 195 | tempo 526/tcp newdate 196 | courier 530/tcp rpc 197 | conference 531/tcp chat 198 | netnews 532/tcp readnews 199 | netwall 533/udp # for emergency broadcasts 200 | gdomap 538/tcp # GNUstep distributed objects 201 | gdomap 538/udp 202 | uucp 540/tcp uucpd # uucp daemon 203 | klogin 543/tcp # Kerberized `rlogin' (v5) 204 | kshell 544/tcp krcmd # Kerberized `rsh' (v5) 205 | dhcpv6-client 546/tcp 206 | dhcpv6-client 546/udp 207 | dhcpv6-server 547/tcp 208 | dhcpv6-server 547/udp 209 | afpovertcp 548/tcp # AFP over TCP 210 | afpovertcp 548/udp 211 | idfp 549/tcp 212 | idfp 549/udp 213 | remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem 214 | nntps 563/tcp snntp # NNTP over SSL 215 | nntps 563/udp snntp 216 | submission 587/tcp # Submission [RFC4409] 217 | submission 587/udp 218 | ldaps 636/tcp # LDAP over SSL 219 | ldaps 636/udp 220 | tinc 655/tcp # tinc control port 221 | tinc 655/udp 222 | silc 
706/tcp 223 | silc 706/udp 224 | kerberos-adm 749/tcp # Kerberos `kadmin' (v5) 225 | # 226 | webster 765/tcp # Network dictionary 227 | webster 765/udp 228 | rsync 873/tcp 229 | rsync 873/udp 230 | ftps-data 989/tcp # FTP over SSL (data) 231 | ftps 990/tcp 232 | telnets 992/tcp # Telnet over SSL 233 | telnets 992/udp 234 | imaps 993/tcp # IMAP over SSL 235 | imaps 993/udp 236 | ircs 994/tcp # IRC over SSL 237 | ircs 994/udp 238 | pop3s 995/tcp # POP-3 over SSL 239 | pop3s 995/udp 240 | # 241 | # From ``Assigned Numbers'': 242 | # 243 | #> The Registered Ports are not controlled by the IANA and on most systems 244 | #> can be used by ordinary user processes or programs executed by ordinary 245 | #> users. 246 | # 247 | #> Ports are used in the TCP [45,106] to name the ends of logical 248 | #> connections which carry long term conversations. For the purpose of 249 | #> providing services to unknown callers, a service contact port is 250 | #> defined. This list specifies the port used by the server process as its 251 | #> contact port. While the IANA can not control uses of these ports it 252 | #> does register or list uses of these ports as a convienence to the 253 | #> community. 
254 | # 255 | socks 1080/tcp # socks proxy server 256 | socks 1080/udp 257 | proofd 1093/tcp 258 | proofd 1093/udp 259 | rootd 1094/tcp 260 | rootd 1094/udp 261 | openvpn 1194/tcp 262 | openvpn 1194/udp 263 | rmiregistry 1099/tcp # Java RMI Registry 264 | rmiregistry 1099/udp 265 | kazaa 1214/tcp 266 | kazaa 1214/udp 267 | nessus 1241/tcp # Nessus vulnerability 268 | nessus 1241/udp # assessment scanner 269 | lotusnote 1352/tcp lotusnotes # Lotus Note 270 | lotusnote 1352/udp lotusnotes 271 | ms-sql-s 1433/tcp # Microsoft SQL Server 272 | ms-sql-s 1433/udp 273 | ms-sql-m 1434/tcp # Microsoft SQL Monitor 274 | ms-sql-m 1434/udp 275 | ingreslock 1524/tcp 276 | ingreslock 1524/udp 277 | prospero-np 1525/tcp # Prospero non-privileged 278 | prospero-np 1525/udp 279 | datametrics 1645/tcp old-radius 280 | datametrics 1645/udp old-radius 281 | sa-msg-port 1646/tcp old-radacct 282 | sa-msg-port 1646/udp old-radacct 283 | kermit 1649/tcp 284 | kermit 1649/udp 285 | groupwise 1677/tcp 286 | groupwise 1677/udp 287 | l2f 1701/tcp l2tp 288 | l2f 1701/udp l2tp 289 | radius 1812/tcp 290 | radius 1812/udp 291 | radius-acct 1813/tcp radacct # Radius Accounting 292 | radius-acct 1813/udp radacct 293 | msnp 1863/tcp # MSN Messenger 294 | msnp 1863/udp 295 | unix-status 1957/tcp # remstats unix-status server 296 | log-server 1958/tcp # remstats log server 297 | remoteping 1959/tcp # remstats remoteping server 298 | cisco-sccp 2000/tcp # Cisco SCCP 299 | cisco-sccp 2000/udp 300 | search 2010/tcp ndtp 301 | pipe-server 2010/tcp pipe_server 302 | nfs 2049/tcp # Network File System 303 | nfs 2049/udp # Network File System 304 | gnunet 2086/tcp 305 | gnunet 2086/udp 306 | rtcm-sc104 2101/tcp # RTCM SC-104 IANA 1/29/99 307 | rtcm-sc104 2101/udp 308 | gsigatekeeper 2119/tcp 309 | gsigatekeeper 2119/udp 310 | gris 2135/tcp # Grid Resource Information Server 311 | gris 2135/udp 312 | cvspserver 2401/tcp # CVS client/server operations 313 | cvspserver 2401/udp 314 | venus 2430/tcp # codacon 
port 315 | venus 2430/udp # Venus callback/wbc interface 316 | venus-se 2431/tcp # tcp side effects 317 | venus-se 2431/udp # udp sftp side effect 318 | codasrv 2432/tcp # not used 319 | codasrv 2432/udp # server port 320 | codasrv-se 2433/tcp # tcp side effects 321 | codasrv-se 2433/udp # udp sftp side effect 322 | mon 2583/tcp # MON traps 323 | mon 2583/udp 324 | dict 2628/tcp # Dictionary server 325 | dict 2628/udp 326 | f5-globalsite 2792/tcp 327 | f5-globalsite 2792/udp 328 | gsiftp 2811/tcp 329 | gsiftp 2811/udp 330 | gpsd 2947/tcp 331 | gpsd 2947/udp 332 | gds-db 3050/tcp gds_db # InterBase server 333 | gds-db 3050/udp gds_db 334 | icpv2 3130/tcp icp # Internet Cache Protocol 335 | icpv2 3130/udp icp 336 | iscsi-target 3260/tcp 337 | mysql 3306/tcp 338 | mysql 3306/udp 339 | nut 3493/tcp # Network UPS Tools 340 | nut 3493/udp 341 | distcc 3632/tcp # distributed compiler 342 | distcc 3632/udp 343 | daap 3689/tcp # Digital Audio Access Protocol 344 | daap 3689/udp 345 | svn 3690/tcp subversion # Subversion protocol 346 | svn 3690/udp subversion 347 | status 4000/tcp # rpc.statd tcp port 348 | status 4000/udp # rpc.statd udp port 349 | mountd 4002/tcp # mountd tcp port 350 | mountd 4002/udp # mountd udp port 351 | rquotad 4003/tcp # rpc.rquotad tcp port 352 | rquotad 4003/udp # rpc.rquotad udp port 353 | suucp 4031/tcp # UUCP over SSL 354 | suucp 4031/udp 355 | sysrqd 4094/tcp # sysrq daemon 356 | sysrqd 4094/udp 357 | sieve 4190/tcp # ManageSieve Protocol 358 | epmd 4369/tcp # Erlang Port Mapper Daemon 359 | epmd 4369/udp 360 | remctl 4373/tcp # Remote Authenticated Command Service 361 | remctl 4373/udp 362 | f5-iquery 4353/tcp # F5 iQuery 363 | f5-iquery 4353/udp 364 | ipsec-nat-t 4500/udp # IPsec NAT-Traversal [RFC3947] 365 | iax 4569/tcp # Inter-Asterisk eXchange 366 | iax 4569/udp 367 | mtn 4691/tcp # monotone Netsync Protocol 368 | mtn 4691/udp 369 | radmin-port 4899/tcp # RAdmin Port 370 | radmin-port 4899/udp 371 | rfe 5002/udp # Radio Free Ethernet 372 
| rfe 5002/tcp 373 | mmcc 5050/tcp # multimedia conference control tool (Yahoo IM) 374 | mmcc 5050/udp 375 | sip 5060/tcp # Session Initiation Protocol 376 | sip 5060/udp 377 | sip-tls 5061/tcp 378 | sip-tls 5061/udp 379 | aol 5190/tcp # AIM 380 | aol 5190/udp 381 | xmpp-client 5222/tcp jabber-client # Jabber Client Connection 382 | xmpp-client 5222/udp jabber-client 383 | xmpp-server 5269/tcp jabber-server # Jabber Server Connection 384 | xmpp-server 5269/udp jabber-server 385 | cfengine 5308/tcp 386 | cfengine 5308/udp 387 | mdns 5353/tcp # Multicast DNS 388 | mdns 5353/udp 389 | postgresql 5432/tcp postgres # PostgreSQL Database 390 | postgresql 5432/udp postgres 391 | freeciv 5556/tcp rptp # Freeciv gameplay 392 | freeciv 5556/udp 393 | amqp 5672/tcp 394 | amqp 5672/udp 395 | amqp 5672/sctp 396 | ggz 5688/tcp # GGZ Gaming Zone 397 | ggz 5688/udp 398 | x11 6000/tcp x11-0 # X Window System 399 | x11 6000/udp x11-0 400 | x11-1 6001/tcp 401 | x11-1 6001/udp 402 | x11-2 6002/tcp 403 | x11-2 6002/udp 404 | x11-3 6003/tcp 405 | x11-3 6003/udp 406 | x11-4 6004/tcp 407 | x11-4 6004/udp 408 | x11-5 6005/tcp 409 | x11-5 6005/udp 410 | x11-6 6006/tcp 411 | x11-6 6006/udp 412 | x11-7 6007/tcp 413 | x11-7 6007/udp 414 | gnutella-svc 6346/tcp # gnutella 415 | gnutella-svc 6346/udp 416 | gnutella-rtr 6347/tcp # gnutella 417 | gnutella-rtr 6347/udp 418 | sge-qmaster 6444/tcp sge_qmaster # Grid Engine Qmaster Service 419 | sge-qmaster 6444/udp sge_qmaster 420 | sge-execd 6445/tcp sge_execd # Grid Engine Execution Service 421 | sge-execd 6445/udp sge_execd 422 | mysql-proxy 6446/tcp # MySQL Proxy 423 | mysql-proxy 6446/udp 424 | afs3-fileserver 7000/tcp bbs # file server itself 425 | afs3-fileserver 7000/udp bbs 426 | afs3-callback 7001/tcp # callbacks to cache managers 427 | afs3-callback 7001/udp 428 | afs3-prserver 7002/tcp # users & groups database 429 | afs3-prserver 7002/udp 430 | afs3-vlserver 7003/tcp # volume location database 431 | afs3-vlserver 7003/udp 432 | 
afs3-kaserver 7004/tcp # AFS/Kerberos authentication 433 | afs3-kaserver 7004/udp 434 | afs3-volser 7005/tcp # volume managment server 435 | afs3-volser 7005/udp 436 | afs3-errors 7006/tcp # error interpretation service 437 | afs3-errors 7006/udp 438 | afs3-bos 7007/tcp # basic overseer process 439 | afs3-bos 7007/udp 440 | afs3-update 7008/tcp # server-to-server updater 441 | afs3-update 7008/udp 442 | afs3-rmtsys 7009/tcp # remote cache manager service 443 | afs3-rmtsys 7009/udp 444 | font-service 7100/tcp xfs # X Font Service 445 | font-service 7100/udp xfs 446 | http-alt 8080/tcp webcache # WWW caching service 447 | http-alt 8080/udp 448 | bacula-dir 9101/tcp # Bacula Director 449 | bacula-dir 9101/udp 450 | bacula-fd 9102/tcp # Bacula File Daemon 451 | bacula-fd 9102/udp 452 | bacula-sd 9103/tcp # Bacula Storage Daemon 453 | bacula-sd 9103/udp 454 | xmms2 9667/tcp # Cross-platform Music Multiplexing System 455 | xmms2 9667/udp 456 | nbd 10809/tcp # Linux Network Block Device 457 | zabbix-agent 10050/tcp # Zabbix Agent 458 | zabbix-agent 10050/udp 459 | zabbix-trapper 10051/tcp # Zabbix Trapper 460 | zabbix-trapper 10051/udp 461 | amanda 10080/tcp # amanda backup services 462 | amanda 10080/udp 463 | dicom 11112/tcp 464 | hkp 11371/tcp # OpenPGP HTTP Keyserver 465 | hkp 11371/udp 466 | bprd 13720/tcp # VERITAS NetBackup 467 | bprd 13720/udp 468 | bpdbm 13721/tcp # VERITAS NetBackup 469 | bpdbm 13721/udp 470 | bpjava-msvc 13722/tcp # BP Java MSVC Protocol 471 | bpjava-msvc 13722/udp 472 | vnetd 13724/tcp # Veritas Network Utility 473 | vnetd 13724/udp 474 | bpcd 13782/tcp # VERITAS NetBackup 475 | bpcd 13782/udp 476 | vopied 13783/tcp # VERITAS NetBackup 477 | vopied 13783/udp 478 | db-lsp 17500/tcp # Dropbox LanSync Protocol 479 | dcap 22125/tcp # dCache Access Protocol 480 | gsidcap 22128/tcp # GSI dCache Access Protocol 481 | wnn6 22273/tcp # wnn6 482 | wnn6 22273/udp 483 | 484 | # 485 | # Datagram Delivery Protocol services 486 | # 487 | rtmp 1/ddp # Routing 
Table Maintenance Protocol 488 | nbp 2/ddp # Name Binding Protocol 489 | echo 4/ddp # AppleTalk Echo Protocol 490 | zip 6/ddp # Zone Information Protocol 491 | 492 | #========================================================================= 493 | # The remaining port numbers are not as allocated by IANA. 494 | #========================================================================= 495 | 496 | # Kerberos (Project Athena/MIT) services 497 | # Note that these are for Kerberos v4, and are unofficial. Sites running 498 | # v4 should uncomment these and comment out the v5 entries above. 499 | # 500 | kerberos4 750/udp kerberos-iv kdc # Kerberos (server) 501 | kerberos4 750/tcp kerberos-iv kdc 502 | kerberos-master 751/udp kerberos_master # Kerberos authentication 503 | kerberos-master 751/tcp 504 | passwd-server 752/udp passwd_server # Kerberos passwd server 505 | krb-prop 754/tcp krb_prop krb5_prop hprop # Kerberos slave propagation 506 | krbupdate 760/tcp kreg # Kerberos registration 507 | swat 901/tcp # swat 508 | kpop 1109/tcp # Pop with Kerberos 509 | knetd 2053/tcp # Kerberos de-multiplexor 510 | zephyr-srv 2102/udp # Zephyr server 511 | zephyr-clt 2103/udp # Zephyr serv-hm connection 512 | zephyr-hm 2104/udp # Zephyr hostmanager 513 | eklogin 2105/tcp # Kerberos encrypted rlogin 514 | # Hmmm. Are we using Kv4 or Kv5 now? Worrying. 
515 | # The following is probably Kerberos v5 --- ajt@debian.org (11/02/2000) 516 | kx 2111/tcp # X over Kerberos 517 | iprop 2121/tcp # incremental propagation 518 | # 519 | # Unofficial but necessary (for NetBSD) services 520 | # 521 | supfilesrv 871/tcp # SUP server 522 | supfiledbg 1127/tcp # SUP debugging 523 | 524 | # 525 | # Services added for the Debian GNU/Linux distribution 526 | # 527 | linuxconf 98/tcp # LinuxConf 528 | poppassd 106/tcp # Eudora 529 | poppassd 106/udp 530 | moira-db 775/tcp moira_db # Moira database 531 | moira-update 777/tcp moira_update # Moira update protocol 532 | moira-ureg 779/udp moira_ureg # Moira user registration 533 | spamd 783/tcp # spamassassin daemon 534 | omirr 808/tcp omirrd # online mirror 535 | omirr 808/udp omirrd 536 | customs 1001/tcp # pmake customs server 537 | customs 1001/udp 538 | skkserv 1178/tcp # skk jisho server port 539 | predict 1210/udp # predict -- satellite tracking 540 | rmtcfg 1236/tcp # Gracilis Packeten remote config server 541 | wipld 1300/tcp # Wipl network monitor 542 | xtel 1313/tcp # french minitel 543 | xtelw 1314/tcp # french minitel 544 | support 1529/tcp # GNATS 545 | cfinger 2003/tcp # GNU Finger 546 | frox 2121/tcp # frox: caching ftp proxy 547 | ninstall 2150/tcp # ninstall service 548 | ninstall 2150/udp 549 | zebrasrv 2600/tcp # zebra service 550 | zebra 2601/tcp # zebra vty 551 | ripd 2602/tcp # ripd vty (zebra) 552 | ripngd 2603/tcp # ripngd vty (zebra) 553 | ospfd 2604/tcp # ospfd vty (zebra) 554 | bgpd 2605/tcp # bgpd vty (zebra) 555 | ospf6d 2606/tcp # ospf6d vty (zebra) 556 | ospfapi 2607/tcp # OSPF-API 557 | isisd 2608/tcp # ISISd vty (zebra) 558 | afbackup 2988/tcp # Afbackup system 559 | afbackup 2988/udp 560 | afmbackup 2989/tcp # Afmbackup system 561 | afmbackup 2989/udp 562 | xtell 4224/tcp # xtell server 563 | fax 4557/tcp # FAX transmission service (old) 564 | hylafax 4559/tcp # HylaFAX client-server protocol (new) 565 | distmp3 4600/tcp # distmp3host daemon 566 | munin 
4949/tcp lrrd # Munin 567 | enbd-cstatd 5051/tcp # ENBD client statd 568 | enbd-sstatd 5052/tcp # ENBD server statd 569 | pcrd 5151/tcp # PCR-1000 Daemon 570 | noclog 5354/tcp # noclogd with TCP (nocol) 571 | noclog 5354/udp # noclogd with UDP (nocol) 572 | hostmon 5355/tcp # hostmon uses TCP (nocol) 573 | hostmon 5355/udp # hostmon uses UDP (nocol) 574 | rplay 5555/udp # RPlay audio service 575 | nrpe 5666/tcp # Nagios Remote Plugin Executor 576 | nsca 5667/tcp # Nagios Agent - NSCA 577 | mrtd 5674/tcp # MRT Routing Daemon 578 | bgpsim 5675/tcp # MRT Routing Simulator 579 | canna 5680/tcp # cannaserver 580 | syslog-tls 6514/tcp # Syslog over TLS [RFC5425] 581 | sane-port 6566/tcp sane saned # SANE network scanner daemon 582 | ircd 6667/tcp # Internet Relay Chat 583 | zope-ftp 8021/tcp # zope management by ftp 584 | tproxy 8081/tcp # Transparent Proxy 585 | omniorb 8088/tcp # OmniORB 586 | omniorb 8088/udp 587 | clc-build-daemon 8990/tcp # Common lisp build daemon 588 | xinetd 9098/tcp 589 | mandelspawn 9359/udp mandelbrot # network mandelbrot 590 | git 9418/tcp # Git Version Control System 591 | zope 9673/tcp # zope server 592 | webmin 10000/tcp 593 | kamanda 10081/tcp # amanda backup services (Kerberos) 594 | kamanda 10081/udp 595 | amandaidx 10082/tcp # amanda backup services 596 | amidxtape 10083/tcp # amanda backup services 597 | smsqp 11201/tcp # Alamin SMS gateway 598 | smsqp 11201/udp 599 | xpilot 15345/tcp # XPilot Contact Port 600 | xpilot 15345/udp 601 | sgi-cmsd 17001/udp # Cluster membership services daemon 602 | sgi-crsd 17002/udp 603 | sgi-gcd 17003/udp # SGI Group membership daemon 604 | sgi-cad 17004/tcp # Cluster Admin daemon 605 | isdnlog 20011/tcp # isdn logging system 606 | isdnlog 20011/udp 607 | vboxd 20012/tcp # voice box system 608 | vboxd 20012/udp 609 | binkp 24554/tcp # binkp fidonet protocol 610 | asp 27374/tcp # Address Search Protocol 611 | asp 27374/udp 612 | csync2 30865/tcp # cluster synchronization tool 613 | dircproxy 57000/tcp # 
Detachable IRC Proxy 614 | tfido 60177/tcp # fidonet EMSI over telnet 615 | fido 60179/tcp # fidonet EMSI over TCP 616 | 617 | # Local services 618 | -------------------------------------------------------------------------------- /chapter6/deployment-hostname.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hostname-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webserver 10 | template: 11 | metadata: 12 | name: my-webserver 13 | labels: 14 | app: webserver 15 | spec: 16 | containers: 17 | - name: my-webserver 18 | image: alicek106/rr-test:echo-hostname 19 | ports: 20 | - containerPort: 80 21 | 22 | -------------------------------------------------------------------------------- /chapter6/deployment-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-nginx-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: my-nginx 10 | template: 11 | metadata: 12 | name: my-nginx-pod 13 | labels: 14 | app: my-nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:1.10 19 | ports: 20 | - containerPort: 80 21 | 22 | -------------------------------------------------------------------------------- /chapter6/external-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: externalname-svc 5 | spec: 6 | type: ExternalName 7 | externalName: my.database.com 8 | 9 | -------------------------------------------------------------------------------- /chapter6/hostname-svc-clusterip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hostname-svc-clusterip 5 | spec: 6 | ports: 7 | - name: web-port 8 | port: 8080 9 | 
targetPort: 80 10 | selector: 11 | app: webserver 12 | type: ClusterIP 13 | 
--------------------------------------------------------------------------------
/chapter6/hostname-svc-lb-local.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service for the "webserver" pods. On a cloud provider this creates
# an externally reachable address; no loadBalancerSourceRanges is set, so source
# filtering is left to the provider's defaults.
apiVersion: v1
kind: Service
metadata:
  name: hostname-svc-lb-local
spec:
  type: LoadBalancer
  # Local: a node forwards external traffic only to pods running on that node,
  # and the client source IP is preserved.
  externalTrafficPolicy: Local
  selector:
    app: webserver
  ports:
  - name: web-port
    port: 80
    targetPort: 80

--------------------------------------------------------------------------------
/chapter6/hostname-svc-lb.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service with the default external traffic policy. Port 80 is
# exposed externally without any source range restriction in this manifest.
apiVersion: v1
kind: Service
metadata:
  name: hostname-svc-lb
spec:
  type: LoadBalancer
  selector:
    app: webserver
  ports:
  - name: web-port
    port: 80
    targetPort: 80

--------------------------------------------------------------------------------
/chapter6/hostname-svc-nlb.yaml:
--------------------------------------------------------------------------------
# Same Service, with the annotation that requests an AWS Network Load Balancer.
apiVersion: v1
kind: Service
metadata:
  name: hostname-svc-nlb
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  selector:
    app: webserver
  ports:
  - name: web-port
    port: 80
    targetPort: 80

--------------------------------------------------------------------------------
/chapter6/hostname-svc-nodeport-affinity.yaml:
--------------------------------------------------------------------------------
# NodePort Service: the port is opened on every node, so reachability is governed
# by whatever firewalling exists in front of the nodes.
apiVersion: v1
kind: Service
metadata:
  name: hostname-svc-nodeport-affinity
spec:
  type: NodePort
  # ClientIP: requests from the same client address keep going to the same pod.
  sessionAffinity: ClientIP
  selector:
    app: webserver
  ports:
  - name: web-port
    port: 80
    targetPort: 80
--------------------------------------------------------------------------------
/chapter6/hostname-svc-nodeport-custom.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hostname-svc-nodeport 5 | spec: 6 | ports: 7 | - name: web-port 8 | port: 8080 9 | targetPort: 80 10 | nodePort: 31000 11 | selector: 12 | app: webserver 13 | type: NodePort 14 | -------------------------------------------------------------------------------- /chapter6/hostname-svc-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hostname-svc-nodeport 5 | spec: 6 | ports: 7 | - name: web-port 8 | port: 8080 9 | targetPort: 80 10 | selector: 11 | app: webserver 12 | type: NodePort 13 | 14 | -------------------------------------------------------------------------------- /chapter6/nginx-pod-with-ubuntu.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-nginx-pod 5 | spec: 6 | containers: 7 | - name: my-nginx-container 8 | image: nginx:latest 9 | ports: 10 | - containerPort: 80 11 | protocol: TCP 12 | 13 | - name: ubuntu-sidecar-container 14 | image: alicek106/rr-test:curl 15 | command: ["tail"] 16 | args: ["-f", "/dev/null"] # 포드가 종료되지 않도록 유지합니다 17 | -------------------------------------------------------------------------------- /chapter6/nginx-pod-without-rs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-nginx-pod 5 | labels: 6 | app: my-nginx-pods-label 7 | spec: 8 | containers: 9 | - name: my-nginx-container 10 | image: nginx:latest 11 | ports: 12 | - containerPort: 80 13 | -------------------------------------------------------------------------------- /chapter6/nginx-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | 
kind: Pod 3 | metadata: 4 | name: my-nginx-pod 5 | spec: 6 | containers: 7 | - name: my-nginx-container 8 | image: nginx:latest 9 | ports: 10 | - containerPort: 80 11 | protocol: TCP 12 | -------------------------------------------------------------------------------- /chapter6/replicaset-nginx-4pods.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: replicaset-nginx 5 | spec: 6 | replicas: 4 7 | selector: 8 | matchLabels: 9 | app: my-nginx-pods-label 10 | template: 11 | metadata: 12 | name: my-nginx-pod 13 | labels: 14 | app: my-nginx-pods-label 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /chapter6/replicaset-nginx-match-expression.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: replicaset-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: our-nginx-pods-label 10 | matchExpressions: 11 | - key: app2 12 | values: 13 | - my-nginx-pods-label 14 | - your-nginx-pods-label 15 | operator: In 16 | template: 17 | metadata: 18 | name: my-nginx-pod 19 | labels: 20 | app: our-nginx-pods-label 21 | app2: my-nginx-pods-label 22 | spec: 23 | containers: 24 | - name: nginx 25 | image: nginx:latest 26 | ports: 27 | - containerPort: 80 28 | -------------------------------------------------------------------------------- /chapter6/replicaset-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: replicaset-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: my-nginx-pods-label 10 | template: 11 | metadata: 12 | name: my-nginx-pod 13 | labels: 14 | app: my-nginx-pods-label 15 | 
spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /chapter7/all-env-from-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: container-env-example 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: ['tail', '-f', '/dev/null'] # keeps the container running 10 | envFrom: # imports every key of each ConfigMap listed below as an environment variable 11 | - configMapRef: 12 | name: log-level-configmap # not defined in this file; must already exist in the pod's namespace 13 | - configMapRef: 14 | name: start-k8s # not defined in this file either 15 | -------------------------------------------------------------------------------- /chapter7/deployment-from-private-repo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deployment-from-prvate-repo 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: myapp 9 | template: 10 | metadata: 11 | name: mypod 12 | labels: 13 | app: myapp 14 | spec: 15 | containers: 16 | - name: test-container 17 | image: alicek106.ipdisk.co.kr/busybox:latest # image reference carries its own registry host instead of the default registry 18 | args: ['tail', '-f', '/dev/null'] # keeps the container running 19 | imagePullSecrets: # registry credentials used for the pull; the Secret named below is not defined in this file 20 | - name: registry-auth-registry 21 | -------------------------------------------------------------------------------- /chapter7/env-from-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: secret-env-example 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: ['tail', '-f', '/dev/null'] # keeps the container running 10 | envFrom: # imports every key of the Secret below as an environment variable 11 | - secretRef: 12 | name: my-password # values become readable by every process in the container and by anything that dumps its environment; a single secretKeyRef or a Secret volume narrows the exposure 13 | -------------------------------------------------------------------------------- /chapter7/env-hard-coding-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: env-hard-coding-deployment 5 |
spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-nginx 10 | template: 11 | metadata: 12 | name: my-nginx-pod 13 | labels: 14 | app: my-nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | env: 19 | - name: LOG_LEVEL 20 | value: INFO 21 | image: nginx:1.10 22 | ports: 23 | - containerPort: 80 24 | -------------------------------------------------------------------------------- /chapter7/hostname-deploy-svc-ns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hostname-deployment-ns 5 | namespace: production # target namespace; it has to exist before this manifest is applied 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: webserver 11 | template: 12 | metadata: 13 | name: my-webserver 14 | labels: 15 | app: webserver 16 | spec: 17 | containers: 18 | - name: my-webserver 19 | image: alicek106/rr-test:echo-hostname 20 | ports: 21 | - containerPort: 80 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: hostname-svc-clusterip-ns 27 | namespace: production # same namespace as the Deployment above 28 | spec: 29 | ports: 30 | - name: web-port 31 | port: 8080 # port exposed on the Service 32 | targetPort: 80 # containerPort of the selected pods 33 | selector: 34 | app: webserver # matches the pod label set in the Deployment's template 35 | type: ClusterIP 36 | -------------------------------------------------------------------------------- /chapter7/kustomization.yaml: -------------------------------------------------------------------------------- 1 | secretGenerator: # directive that generates a Secret 2 | - name: kustomize-secret 3 | type: kubernetes.io/tls # create a Secret of the tls type 4 | files: 5 | - tls.crt=cert.crt # store the contents of the cert.crt file under the key tls.crt 6 | - tls.key=cert.key # store the contents of the cert.key file (the private key) under the key tls.key; keep cert.key out of version control 7 | -------------------------------------------------------------------------------- /chapter7/multiple-keyvalue.env: -------------------------------------------------------------------------------- 1 | mykey1=myvalue1 2 | mykey2=myvalue2 3 | mykey3=myvalue3 4 | --------------------------------------------------------------------------------
/chapter7/my-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-configmap 5 | data: # key-value pairs stored in the ConfigMap 6 | mykey: yourvalue 7 | 8 | -------------------------------------------------------------------------------- /chapter7/production-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: production # namespace referenced by hostname-deploy-svc-ns.yaml 5 | -------------------------------------------------------------------------------- /chapter7/selective-env-from-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: container-selective-env-example 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: ['tail', '-f', '/dev/null'] 10 | env: 11 | - name: ENV_KEYNAME_1 # (1.1) name of the environment variable newly registered in the container 12 | valueFrom: 13 | configMapKeyRef: 14 | name: log-level-configmap 15 | key: LOG_LEVEL 16 | - name: ENV_KEYNAME_2 # (1.2) name of the environment variable newly registered in the container 17 | valueFrom: 18 | configMapKeyRef: 19 | name: start-k8s # (2) name of the ConfigMap to reference 20 | key: k8s # (3) key of the data value to fetch 21 | # final result -> ENV_KEYNAME_2=$(value stored under the k8s key) 22 | # ENV_KEYNAME_2=kubernetes 23 | -------------------------------------------------------------------------------- /chapter7/selective-env-from-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: selective-secret-env-example 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: ['tail', '-f', '/dev/null'] 10 | env: 11 | - name: YOUR_PASSWORD # environment variable name seen inside the container 12 | valueFrom: 13 | secretKeyRef: # only the one key named below is exposed, not the whole Secret 14 | name: our-password 15 | key: pw2 16 | -------------------------------------------------------------------------------- /chapter7/selective-mount-secret.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/alicek106/start-docker-kubernetes/7b79350a86e0daea4dea7178d0de4e67c27824a2/chapter7/selective-mount-secret.yaml -------------------------------------------------------------------------------- /chapter7/selective-volume-configmap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alicek106/start-docker-kubernetes/7b79350a86e0daea4dea7178d0de4e67c27824a2/chapter7/selective-volume-configmap.yaml -------------------------------------------------------------------------------- /chapter7/volume-mount-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: configmap-volume-pod 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: [ "tail", "-f", "/dev/null" ] 10 | volumeMounts: 11 | - name: configmap-volume # name of the ConfigMap volume defined under volumes 12 | mountPath: /etc/config # path where the ConfigMap data will be placed 13 | 14 | volumes: 15 | - name: configmap-volume # ConfigMap volume name 16 | configMap: 17 | name: start-k8s 18 | -------------------------------------------------------------------------------- /chapter7/volume-mount-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: secret-volume-pod 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: [ "tail", "-f", "/dev/null" ] 10 | volumeMounts: 11 | - name: secret-volume # name of the Secret volume defined under volumes 12 | mountPath: /etc/secret # path where the Secret data will be placed, one file per key; readOnly: true on the mount and defaultMode on the volume tighten access 13 | volumes: 14 | - name: secret-volume # Secret volume name 15 | secret: 16 | secretName: our-password # name of the Secret (not a ConfigMap) whose key-value pairs are mounted 17 | -------------------------------------------------------------------------------- /chapter8/hostname-deployment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hostname-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webserver 10 | template: 11 | metadata: 12 | name: my-webserver 13 | labels: 14 | app: webserver 15 | spec: 16 | containers: 17 | - name: my-webserver 18 | image: alicek106/ingress-annotation-test:0.0 19 | ports: 20 | - containerPort: 5000 21 | name: flask-port 22 | 23 | -------------------------------------------------------------------------------- /chapter8/hostname-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hostname-service 5 | spec: 6 | ports: 7 | - name: web-port 8 | port: 80 9 | targetPort: flask-port 10 | selector: 11 | app: webserver 12 | type: ClusterIP 13 | -------------------------------------------------------------------------------- /chapter8/ingress-custom-class-k8s-latest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-example 5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: / 7 | kubernetes.io/ingress.class: "alicek106-nginx" 8 | spec: 9 | rules: 10 | - host: alicek106.example.com # [1] 11 | http: 12 | paths: 13 | - path: /echo-hostname # [2] 14 | pathType: Prefix 15 | backend: 16 | service: 17 | name: hostname-service # [3] 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /chapter8/ingress-custom-class.yaml: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 1.22 버전 이상부터 ingress의 스펙이 바뀌었으며, 아래의 매니페스트를 사용할 수 없게 변경되었습니다. 2 | # 최신 버전의 쿠버네티스를 사용하고 있다면 ingress-custom-class-k8s-latest.yaml 파일을 통해 실습을 진행해주세요. 
3 | # 참고 링크 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122 4 | apiVersion: networking.k8s.io/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: ingress-example 8 | annotations: 9 | nginx.ingress.kubernetes.io/rewrite-target: / 10 | kubernetes.io/ingress.class: "alicek106-nginx" 11 | spec: 12 | rules: 13 | - host: alicek106.example.com # [1] 14 | http: 15 | paths: 16 | - path: /echo-hostname # [2] 17 | backend: 18 | serviceName: hostname-service # [3] 19 | servicePort: 80 20 | -------------------------------------------------------------------------------- /chapter8/ingress-example-k8s-latest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-example 5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: / 7 | kubernetes.io/ingress.class: "nginx" 8 | spec: 9 | rules: 10 | - host: alicek106.example.com # [1] 11 | http: 12 | paths: 13 | - path: /echo-hostname # [2] 14 | pathType: Prefix 15 | backend: 16 | service: 17 | name: hostname-service # [3] 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /chapter8/ingress-example.yaml: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 1.22 버전 이상부터 ingress의 스펙이 바뀌었으며, 아래의 매니페스트를 사용할 수 없게 변경되었습니다. 2 | # 최신 버전의 쿠버네티스를 사용하고 있다면 ingress-example-k8s-latest.yaml 파일을 통해 실습을 진행해주세요. 
3 | # 참고 링크 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122 4 | apiVersion: networking.k8s.io/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: ingress-example 8 | annotations: 9 | nginx.ingress.kubernetes.io/rewrite-target: / 10 | kubernetes.io/ingress.class: "nginx" 11 | spec: 12 | rules: 13 | - host: alicek106.example.com # [1] 14 | http: 15 | paths: 16 | - path: /echo-hostname # [2] 17 | backend: 18 | serviceName: hostname-service # [3] 19 | servicePort: 80 20 | -------------------------------------------------------------------------------- /chapter8/ingress-nginx-svc-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/instance: ingress-nginx 7 | app.kubernetes.io/managed-by: Helm 8 | app.kubernetes.io/name: ingress-nginx 9 | name: ingress-nginx-controller-nodeport 10 | namespace: ingress-nginx 11 | spec: 12 | ports: 13 | - name: http 14 | nodePort: 31000 15 | port: 80 16 | protocol: TCP 17 | targetPort: http 18 | - name: https 19 | nodePort: 32000 20 | port: 443 21 | protocol: TCP 22 | targetPort: https 23 | selector: 24 | app.kubernetes.io/component: controller 25 | app.kubernetes.io/instance: ingress-nginx 26 | app.kubernetes.io/name: ingress-nginx 27 | type: NodePort 28 | -------------------------------------------------------------------------------- /chapter8/ingress-rewrite-target-k8s-latest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-example 5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: /$2 # path의 (.*) 에서 획득한 경로로 전달합니다. 
7 | kubernetes.io/ingress.class: "nginx" 8 | spec: 9 | rules: 10 | - host: <여러분이 Nginx 컨트롤러에 접근하기 위한 도메인 이름을 입력합니다> 11 | #- host: a2cbfefcfbcfd48f8b4c15039fbb6d0a-1976179327.ap-northeast-2.elb.amazonaws.com 12 | http: 13 | paths: 14 | - path: /echo-hostname(/|$)(.*) # (.*) 을 통해 경로를 얻습니다. 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: hostname-service 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /chapter8/ingress-rewrite-target.yaml: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 1.22 버전 이상부터 ingress의 스펙이 바뀌었으며, 아래의 매니페스트를 사용할 수 없게 변경되었습니다. 2 | # 최신 버전의 쿠버네티스를 사용하고 있다면 ingress-rewrite-target-k8s-latest.yaml 파일을 통해 실습을 진행해주세요. 3 | # 참고 링크 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122 4 | apiVersion: networking.k8s.io/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: ingress-example 8 | annotations: 9 | nginx.ingress.kubernetes.io/rewrite-target: /$2 # path의 (.*) 에서 획득한 경로로 전달합니다. 10 | kubernetes.io/ingress.class: "nginx" 11 | spec: 12 | rules: 13 | - host: <여러분이 Nginx 컨트롤러에 접근하기 위한 도메인 이름을 입력합니다> 14 | #- host: a2cbfefcfbcfd48f8b4c15039fbb6d0a-1976179327.ap-northeast-2.elb.amazonaws.com 15 | http: 16 | paths: 17 | - path: /echo-hostname(/|$)(.*) # (.*) 을 통해 경로를 얻습니다. 
18 | backend: 19 | serviceName: hostname-service 20 | servicePort: 80 21 | -------------------------------------------------------------------------------- /chapter8/ingress-service-lb.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: ingress-nginx 5 | namespace: ingress-nginx 6 | spec: 7 | type: LoadBalancer 8 | selector: 9 | app.kubernetes.io/name: ingress-nginx 10 | app.kubernetes.io/part-of: ingress-nginx 11 | ports: 12 | - name: http 13 | port: 80 14 | targetPort: http 15 | - name: https 16 | port: 443 17 | targetPort: https 18 | -------------------------------------------------------------------------------- /chapter8/ingress-tls-k8s-latest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: ingress-example 5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: / 7 | kubernetes.io/ingress.class: "nginx" 8 | spec: 9 | tls: 10 | - hosts: 11 | - alicek106.example.com # 여러분의 도메인 이름을 입력해야 합니다. 12 | secretName: tls-secret 13 | rules: 14 | - host: alicek106.example.com # 여러분의 도메인 이름을 입력해야 합니다. 15 | http: 16 | paths: 17 | - path: /echo-hostname 18 | pathType: Prefix 19 | backend: 20 | service: 21 | name: hostname-service 22 | port: 23 | number: 80 24 | -------------------------------------------------------------------------------- /chapter8/ingress-tls.yaml: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 1.22 버전 이상부터 ingress의 스펙이 바뀌었으며, 아래의 매니페스트를 사용할 수 없게 변경되었습니다. 2 | # 최신 버전의 쿠버네티스를 사용하고 있다면 ingress-tls-k8s-latest.yaml 파일을 통해 실습을 진행해주세요. 
3 | # 참고 링크 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122 4 | apiVersion: networking.k8s.io/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: ingress-example 8 | annotations: 9 | nginx.ingress.kubernetes.io/rewrite-target: / 10 | kubernetes.io/ingress.class: "nginx" 11 | spec: 12 | tls: 13 | - hosts: 14 | - alicek106.example.com # 여러분의 도메인 이름을 입력해야 합니다. 15 | secretName: tls-secret 16 | rules: 17 | - host: alicek106.example.com # 여러분의 도메인 이름을 입력해야 합니다. 18 | http: 19 | paths: 20 | - path: /echo-hostname 21 | backend: 22 | serviceName: hostname-service 23 | servicePort: 80 24 | -------------------------------------------------------------------------------- /chapter8/minimal-ingress-k8s-latest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: minimal-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: hostname-service 14 | port: 15 | number: 80 16 | -------------------------------------------------------------------------------- /chapter8/minimal-ingress.yaml: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 1.22 버전 이상부터 ingress의 스펙이 바뀌었으며, 아래의 매니페스트를 사용할 수 없게 변경되었습니다. 2 | # 최신 버전의 쿠버네티스를 사용하고 있다면 minimal-ingress-k8s-latest.yaml 파일을 통해 실습을 진행해주세요. 
3 | # 참고 링크 : https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122 4 | apiVersion: networking.k8s.io/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: minimal-ingress 8 | spec: 9 | backend: 10 | serviceName: hostname-service 11 | servicePort: 80 12 | -------------------------------------------------------------------------------- /chapter9/ebs-pod-pvc-custom-sc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-ebs-pvc-custom-sc 5 | spec: 6 | storageClassName: my-ebs-volume 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | --- 13 | apiVersion: v1 14 | kind: Pod 15 | metadata: 16 | name: ebs-mount-container-custom-sc 17 | spec: 18 | containers: 19 | - name: ebs-mount-container 20 | image: busybox 21 | args: [ "tail", "-f", "/dev/null" ] 22 | volumeMounts: 23 | - name: ebs-volume 24 | mountPath: /mnt 25 | volumes: 26 | - name : ebs-volume 27 | persistentVolumeClaim: 28 | claimName: my-ebs-pvc-custom-sc 29 | -------------------------------------------------------------------------------- /chapter9/ebs-pod-pvc-label-selector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-ebs-pvc-selector 5 | spec: 6 | selector: 7 | matchLabels: 8 | region: ap-northeast-2a 9 | accessModes: 10 | - ReadWriteOnce 11 | resources: 12 | requests: 13 | storage: 5Gi 14 | --- 15 | apiVersion: v1 16 | kind: Pod 17 | metadata: 18 | name: ebs-mount-container-label 19 | spec: 20 | containers: 21 | - name: ebs-mount-container 22 | image: busybox 23 | args: [ "tail", "-f", "/dev/null" ] 24 | volumeMounts: 25 | - name: ebs-volume 26 | mountPath: /mnt 27 | volumes: 28 | - name : ebs-volume 29 | persistentVolumeClaim: 30 | claimName: my-ebs-pvc-selector 31 | 
-------------------------------------------------------------------------------- /chapter9/ebs-pod-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-ebs-pvc # 1. my-ebs-pvc라는 이름의 pvc 를 생성합니다. 5 | spec: 6 | storageClassName: "" 7 | accessModes: 8 | - ReadWriteOnce # 2.1 속성이 ReadWriteOnce인 퍼시스턴트 볼륨과 연결합니다. 9 | resources: 10 | requests: 11 | storage: 5Gi # 2.2 볼륨 크기가 최소 5Gi인 퍼시스턴트 볼륨과 연결합니다. 12 | --- 13 | apiVersion: v1 14 | kind: Pod 15 | metadata: 16 | name: ebs-mount-container 17 | spec: 18 | containers: 19 | - name: ebs-mount-container 20 | image: busybox 21 | args: [ "tail", "-f", "/dev/null" ] 22 | volumeMounts: 23 | - name: ebs-volume 24 | mountPath: /mnt 25 | volumes: 26 | - name : ebs-volume 27 | persistentVolumeClaim: 28 | claimName: my-ebs-pvc # 3. my-ebs-pvc라는 이름의 pvc를 사용합니다. 29 | 30 | -------------------------------------------------------------------------------- /chapter9/ebs-pv-delete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: ebs-pv-delete 5 | spec: 6 | capacity: 7 | storage: 5Gi 8 | accessModes: 9 | - ReadWriteOnce 10 | awsElasticBlockStore: 11 | fsType: ext4 12 | volumeID: 13 | persistentVolumeReclaimPolicy: Delete 14 | 15 | -------------------------------------------------------------------------------- /chapter9/ebs-pv-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: ebs-pv-label 5 | labels: 6 | region: ap-northeast-2a 7 | spec: 8 | capacity: 9 | storage: 5Gi 10 | accessModes: 11 | - ReadWriteOnce 12 | awsElasticBlockStore: 13 | fsType: ext4 14 | # volumeID: vol-025c52fbd39d35417 15 | volumeID: <여러분의 VOLUME ID를 입력합니다> 16 | -------------------------------------------------------------------------------- 
/chapter9/ebs-pv-storageclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: ebs-pv-custom-cs 5 | spec: 6 | capacity: 7 | storage: 5Gi 8 | accessModes: 9 | - ReadWriteOnce 10 | storageClassName: my-ebs-volume 11 | awsElasticBlockStore: 12 | fsType: ext4 13 | volumeID: # 여러분의 EBS 볼륨 ID로 대신합니다. 14 | # volumeID: vol-0390f3a601e58ce9b 15 | -------------------------------------------------------------------------------- /chapter9/ebs-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: ebs-pv 5 | spec: 6 | capacity: 7 | storage: 5Gi # 이 볼륨의 크기는 5G입니다. 8 | accessModes: 9 | - ReadWriteOnce # 하나의 포드 (또는 인스턴스) 에 의해서만 마운트 될 수 있습니다. 10 | awsElasticBlockStore: 11 | fsType: ext4 12 | volumeID: 13 | 14 | -------------------------------------------------------------------------------- /chapter9/emptydir-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: emptydir-pod 5 | spec: 6 | containers: 7 | - name: content-creator 8 | image: alicek106/alpine-wget:latest 9 | args: ["tail", "-f", "/dev/null"] 10 | volumeMounts: 11 | - name: my-emptydir-volume 12 | mountPath: /data # 1. 이 컨테이너가 /data 에 파일을 생성하면 13 | 14 | - name: apache-webserver 15 | image: httpd:2 16 | volumeMounts: 17 | - name: my-emptydir-volume 18 | mountPath: /usr/local/apache2/htdocs/ # 2. 아파치 웹 서버에서 접근 가능합니다. 
19 | 20 | volumes: 21 | - name: my-emptydir-volume 22 | emptyDir: {} # emptyDir used to share files inside the pod 23 | -------------------------------------------------------------------------------- /chapter9/hostpath-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: hostpath-pod 5 | spec: 6 | containers: 7 | - name: my-container 8 | image: busybox 9 | args: [ "tail", "-f", "/dev/null" ] 10 | volumeMounts: 11 | - name: my-hostpath-volume 12 | mountPath: /etc/data 13 | volumes: 14 | - name: my-hostpath-volume 15 | hostPath: # mounts a directory of the node the pod is scheduled on; contents differ per node 16 | path: /tmp # the container gets read-write access to the node's /tmp; restrict hostPath by policy outside of exercises, or set readOnly: true on the mount 17 | -------------------------------------------------------------------------------- /chapter9/nfs-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nfs-server 5 | spec: 6 | selector: 7 | matchLabels: 8 | role: nfs-server 9 | template: 10 | metadata: 11 | labels: 12 | role: nfs-server 13 | spec: 14 | containers: 15 | - name: nfs-server 16 | image: gcr.io/google_containers/volume-nfs:0.8 17 | ports: 18 | - name: nfs 19 | containerPort: 2049 20 | - name: mountd 21 | containerPort: 20048 22 | - name: rpcbind 23 | containerPort: 111 24 | securityContext: 25 | privileged: true # privileged removes most container isolation (all capabilities, host device access); presumably needed by the in-container NFS server - confirm, and keep such pods in a namespace where admission policy allows them explicitly 26 | -------------------------------------------------------------------------------- /chapter9/nfs-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nfs-pod 5 | spec: 6 | containers: 7 | - name: nfs-mount-container 8 | image: busybox 9 | args: [ "tail", "-f", "/dev/null" ] 10 | volumeMounts: 11 | - name: nfs-volume 12 | mountPath: /mnt # mounted at the /mnt directory inside the pod's container 13 | volumes: 14 | - name : nfs-volume 15 | nfs: # mounts the NFS server's volume into the pod's container
16 | path: / 17 | server: {NFS_SERVICE_IP} 18 | 19 | -------------------------------------------------------------------------------- /chapter9/nfs-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nfs-service 5 | spec: 6 | ports: 7 | - name: nfs 8 | port: 2049 9 | - name: mountd 10 | port: 20048 11 | - name: rpcbind 12 | port: 111 13 | selector: 14 | role: nfs-server 15 | -------------------------------------------------------------------------------- /chapter9/pvc-fast-sc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: pvc-fast-sc 5 | spec: 6 | storageClassName: fast 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | -------------------------------------------------------------------------------- /chapter9/storageclass-default.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: generic 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "true" 7 | provisioner: kubernetes.io/aws-ebs 8 | parameters: 9 | type: gp2 10 | fsType: ext4 11 | zones: ap-northeast-2a # 여러분의 쿠버네티스 클러스터가 위치한 가용 영역을 입력합니다. 12 | -------------------------------------------------------------------------------- /chapter9/storageclass-fast.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: fast 5 | provisioner: kubernetes.io/aws-ebs 6 | parameters: 7 | type: gp2 8 | fsType: ext4 9 | zones: ap-northeast-2a # 여러분의 쿠버네티스 클러스터가 위치한 가용 영역을 입력합니다. 
10 | -------------------------------------------------------------------------------- /chapter9/storageclass-slow.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: slow 5 | provisioner: kubernetes.io/aws-ebs 6 | parameters: 7 | type: st1 8 | fsType: ext4 9 | zones: ap-northeast-2a # 여러분의 쿠버네티스 클러스터가 위치한 가용 영역을 입력합니다. 10 | -------------------------------------------------------------------------------- /kubeadm-terraform/aws.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | -------------------------------------------------------------------------------- /kubeadm-terraform/example/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx 5 | labels: 6 | app: nginx 7 | spec: 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx 20 | ports: 21 | - name: http 22 | containerPort: 80 23 | imagePullPolicy: Always 24 | -------------------------------------------------------------------------------- /kubeadm-terraform/example/service-lb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx-service 5 | spec: 6 | ports: 7 | - name: http 8 | port: 80 9 | selector: 10 | app: nginx 11 | type: LoadBalancer 12 | -------------------------------------------------------------------------------- /kubeadm-terraform/iam.tf: -------------------------------------------------------------------------------- 1 | ## IAM Role and policy for kubernetes master 2 | resource "aws_iam_role" "master_role" { 3 | name = "master_role" 4 | assume_role_policy 
= <