├── README.md
├── book-img.png
├── chapters
    ├── 10
    │   ├── README.md
    │   ├── aws-ebs.yaml
    │   ├── hostpath-pv.yaml
    │   ├── my-nfs.yaml
    │   ├── my-pvc-sc.yaml
    │   ├── nfs-sc.yaml
    │   ├── use-nfs-sc.yaml
    │   ├── use-pvc-sc.yaml
    │   └── use-pvc.yaml
    ├── 11
    │   ├── README.md
    │   ├── badsector.yaml
    │   ├── heavy-cal.yaml
    │   ├── heavy-load.yaml
    │   ├── hpa.yaml
    │   ├── no-tolerate.yaml
    │   ├── node-affinity.yaml
    │   ├── pod-affinity.yaml
    │   ├── pod-antiaffinity.yaml
    │   ├── redis-cache.yaml
    │   ├── tolerate.yaml
    │   └── web-server.yaml
    ├── 12
    │   ├── README.md
    │   ├── limit-range.yaml
    │   ├── nginx-pdb.yaml
    │   ├── pod-exceed.yaml
    │   └── res-quota.yaml
    ├── 13
    │   ├── README.md
    │   ├── allow-dmz.yaml
    │   ├── allow-from-web.yaml
    │   ├── block-metadata.yaml
    │   ├── db-accessable.yaml
    │   ├── deny-all.yaml
    │   ├── dont-leave-dev.yaml
    │   ├── nginx-sa.yaml
    │   ├── read-pods.yaml
    │   ├── role.yaml
    │   └── web-open.yaml
    ├── 14
    │   └── README.md
    ├── 15
    │   ├── Dockerfile
    │   ├── Jenkinsfile
    │   ├── README.md
    │   ├── app.py
    │   ├── argocd-ingress.yaml
    │   └── pod.yaml
    ├── 16
    │   ├── README.md
    │   ├── jenkins.yaml
    │   ├── minio-instance.yaml
    │   ├── myHelmRelease.yaml
    │   └── mypod-crd.yaml
    ├── 17
    │   ├── README.md
    │   ├── dag-diamond.yaml
    │   ├── error-handlers.yaml
    │   ├── parallel-steps.yaml
    │   ├── param.yaml
    │   ├── serial-step.yaml
    │   └── single-job.yaml
    ├── 01
    │   ├── Dockerfile
    │   ├── README.md
    │   └── hello.py
    ├── 02
    │   └── README.md
    ├── 03
    │   └── README.md
    ├── 04
    │   ├── README.md
    │   └── mynginx.yaml
    ├── 05
    │   ├── README.md
    │   ├── cmd.yaml
    │   ├── downward-env.yaml
    │   ├── downward-volume.yaml
    │   ├── env.yaml
    │   ├── game-volume.yaml
    │   ├── game.properties
    │   ├── init-container.yaml
    │   ├── limits.yaml
    │   ├── liveness.yaml
    │   ├── monster-config.yaml
    │   ├── monster-env.yaml
    │   ├── mynginx.yaml
    │   ├── node-selector.yaml
    │   ├── readiness-cmd.yaml
    │   ├── readiness.yaml
    │   ├── requests.yaml
    │   ├── resources.yaml
    │   ├── second.yaml
    │   ├── secret-env.yaml
    │   ├── secret-envfrom.yaml
    │   ├── secret-volume.yaml
    │   ├── special-env.yaml
    │   ├── user-info-stringdata.yaml
    │   ├── user-info.properties
    │   ├── user-info.yaml
    │   ├── volume-empty.yaml
    │   └── volume.yaml
    ├── 06
    │   ├── README.md
    │   ├── cluster-ip.yaml
    │   ├── external.yaml
    │   ├── load-bal.yaml
    │   ├── myservice.yaml
    │   └── node-port.yaml
    ├── 07
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── cronjob.yaml
    │   ├── fluentd.yaml
    │   ├── job-bug.yaml
    │   ├── job.yaml
    │   ├── mydeploy.yaml
    │   ├── myreplicaset.yaml
    │   ├── mysts.yaml
    │   └── train.py
    ├── 08
    │   └── README.md
    └── 09
    │   ├── README.md
    │   ├── apache-auth.yaml
    │   ├── apache-tls-issuer.yaml
    │   ├── apache-tls.yaml
    │   ├── domain-based-ingress.yaml
    │   ├── http-issuer.yaml
    │   ├── mynginx-ingress.yaml
    │   └── path-based-ingress.yaml
├── gitops
    ├── README.md
    ├── deployment.yaml
    └── service.yaml
└── pipeline-sample
    ├── Dockerfile
    ├── README.md
    ├── app.py
    ├── test.py
    └── test.sh


/README.md:
--------------------------------------------------------------------------------
  1 | <!--
  2 |   Title: 핵심만 콕 쿠버네티스
  3 |   Description: 쿠버네티스를 처음 접하시는 분을 위해 준비하였습니다. 컨테이너, 쿠버네티스 기술에 대해 잘 모르더라도 이 책의 예제를 따라하다보면 어느새 쿠버네티스의 매력에 푹 빠질 것입니다. 쿠버네티스 입문서로 시작하기에 최고의 선택, 여러분도 쿠버네티스라는 거인의 어깨 위에 올라서서 클라우드 네이티브가 꿈꾸는 세상을 바라보시기 바랍니다.
  4 |   Author: 유홍근 (커피고래)
  5 | -->
  6 | # 핵심만 콕! 쿠버네티스
  7 | 
  8 | - 부제: 쿠버네티스의 핵심을 실습하고 이해하는
  9 | - 저자: 유홍근 ([커피고래](https://coffeewhale.com))
 10 | - 출간: 2020년 9월 18일
 11 | - 정가: 32,000원
 12 | - 페이지: 504
 13 | 
 14 | ## 구매 링크
 15 | 
 16 | - [yes24](http://www.yes24.com/Product/Goods/92426926?OzSrank=2)
 17 | - [교보문고](http://www.kyobobook.co.kr/product/detailViewKor.laf?ejkGb=KOR&mallGb=KOR&barcode=9791165920180&orderClick=LAG&Kc=)
 18 | - [알라딘](https://www.aladin.co.kr/shop/wproduct.aspx?ItemId=250937523)
 19 | - [인터파크](http://book.interpark.com/product/BookDisplay.do?_method=detail&sc.shopNo=0000400000&sc.prdNo=338936080&sc.saNo=003002001&bid1=search&bid2=product&bid3=title&bid4=001)
 20 | 
 21 | ![쿠버네티스_입체이미지](book-img.png)
 22 | 
 23 | ## 책 소개
 24 | 
 25 | > 쿠버네티스 첫 시작을 위한 최고의 선택
 26 | 
 27 | 쿠버네티스를 처음 접하시는 분을 위해 준비하였습니다. 컨테이너, 쿠버네티스 기술에 대해 잘 모르더라도 이 책의 예제를 따라하다보면 어느새 쿠버네티스의 매력에 푹 빠질 것입니다. 쿠버네티스 입문서로 시작하기에 최고의 선택, 여러분도 쿠버네티스라는 거인의 어깨 위에 올라서서 클라우드 네이티브가 꿈꾸는 세상을 바라보시기 바랍니다.
 28 | 
 29 | ## 이 책의 특징
 30 | 
 31 | - 핵심을 위주로 설명하여 쿠버네티스의 큰 그림을 빠르게 이해할 수 있습니다.
 32 | - 컨테이너 기술에 대한 기본적인 이해와 장점을 파악할 수 있습니다.
 33 | - 예제를 직접 따라 하면서 사용법을 익힐 수 있습니다.
 34 | 
 35 | ## 이 책이 필요한 독자
 36 | 
 37 | - 쿠버네티스를 처음 접해보시는 분
 38 | - 클라우드 네이티브 기술에 관심이 많으신 분
 39 | - 효율적인 운영 환경을 고민하시는 분
 40 | 
 41 | ## 출판사 리뷰
 42 | 
 43 | 이 책에서는 방대한 시스템인 쿠버네티스를 처음 접할 때 어떤 부분을 집중적으로 살펴볼지 설명하고 최적의 학습 경로를 따라가면서, 단기간에 쿠버네티스에 대해서 이해하고 현실적으로 활용해 볼 수 있는 방법을 제공합니다. 이 책은 쿠버네티스의 모든 내용을 상세히 다루는 레퍼런스 북 형태라기보다는, 전반적인 내용에 대해서 핵심 부분만을 설명하고 직접 실습해 보면서 쿠버네티스의 큰 그림을 이해하는 것에 초점을 맞췄습니다. 각 챕터마다 마무리할 수 있도록 도와주며 참고와 주의를 통해 꿀팁을 확인해볼 수 있습니다. 제목처럼 핵심만 콕! 학습하여 이해해보시기 바랍니다.
 44 | 
 45 | ## 목차 및 예제코드
 46 | 
 47 | 1. [도커 기초](chapters/01)
 48 |     - 1.1 도커 소개
 49 |     - 1.2 도커 기본 명령
 50 |     - 1.3 도커 저장소
 51 |     - 1.4 도커 파일 작성
 52 |     - 1.5 도커 실행 고급
 53 |     - 1.6 마치며
 54 | 2. [쿠버네티스 소개](chapters/02)
 55 |     - 2.1 쿠버네티스란?
 56 |     - 2.2 쿠버네티스의 기본 개념
 57 |     - 2.3 아키텍처
 58 |     - 2.4 장점
 59 |     - 2.5 마치며
 60 | 3. [쿠버네티스 설치](chapters/03)
 61 |     - 3.1 k3s 소개
 62 |     - 3.2 k3s 설치하기
 63 |     - 3.3 마치며
 64 | 4. [쿠버네티스 첫 만남](chapters/04)
 65 |     - 4.1 기본 명령
 66 |     - 4.2 고급 명령
 67 |     - 4.3 마치며
 68 | 5. [Pod 살펴보기](chapters/05)
 69 |     - 5.1 Pod 소개
 70 |     - 5.2 라벨링 시스템
 71 |     - 5.3 실행 명령 및 파라미터 지정
 72 |     - 5.4 환경변수 설정
 73 |     - 5.5 볼륨 연결
 74 |     - 5.6 리소스 관리
 75 |     - 5.7 상태 확인
 76 |     - 5.8 2개 컨테이너 실행
 77 |     - 5.9 초기화 컨테이너
 78 |     - 5.10 Config 설정
 79 |     - 5.11 민감 데이터 관리
 80 |     - 5.12 메타데이터 전달
 81 |     - 5.13 마치며
 82 | 6. [쿠버네티스 네트워킹](chapters/06)
 83 |     - 6.1 Service 소개
 84 |     - 6.2 Service 종류
 85 |     - 6.3 네트워크 모델
 86 |     - 6.4 마치며
 87 | 7. [쿠버네티스 컨트롤러](chapters/07)
 88 |     - 7.1 컨트롤러란?
 89 |     - 7.2 ReplicaSet
 90 |     - 7.3 Deployment
 91 |     - 7.4 StatefulSet
 92 |     - 7.5 DaemonSet
 93 |     - 7.6 Job & CronJob
 94 |     - 7.7 마치며
 95 | 8. [helm 패키지 매니저](chapters/08)
 96 |     - 8.1 helm이란?
 97 |     - 8.2 원격 리파지토리(repository)
 98 |     - 8.3 외부 chart 설치(WordPress)
 99 |     - 8.4 마치며
100 | 9. [Ingress 리소스](chapters/09)
101 |     - 9.1 Ingress란?
102 |     - 9.2 Ingress 기본 사용법
103 |     - 9.3 Basic Auth 설정
104 |     - 9.4 TLS 설정
105 |     - 9.5 마치며
106 | 10. [스토리지](chapters/10)
107 |     - 10.1 PersistentVolume
108 |     - 10.2 PersistentVolumeClaim
109 |     - 10.3 StorageClass
110 |     - 10.4 쿠버네티스 스토리지 활용
111 |     - 10.5 마치며
112 | 11. [고급 스케줄링](chapters/11)
113 |     - 11.1 고가용성 확보 – Pod 레벨
114 |     - 11.2 고사용성 확보 – Node 레벨
115 |     - 11.3 Taint & Toleration
116 |     - 11.4 Affinity & AntiAffinity
117 |     - 11.5 마치며
118 | 12. [클러스터 관리](chapters/12)
119 |     - 12.1 리소스 관리
120 |     - 12.2 노드 관리
121 |     - 12.3 Pod 개수 유지
122 |     - 12.4 마치며
123 | 13. [접근 제어](chapters/13)
124 |     - 13.1 사용자 인증(Authentication)
125 |     - 13.2 역할 기반 접근 제어(RBAC)
126 |     - 13.2.1 Role (ClusterRole)
127 |     - 13.3 네트워크 접근 제어(Network Policy)
128 |     - 13.4 마치며
129 | 14. [로깅과 모니터링](chapters/14)
130 |     - 14.1 로깅 시스템 구축
131 |     - 14.2 리소스 모니터링 시스템 구축
132 |     - 14.3 마치며
133 | 15. [CI/CD](chapters/15)
134 |     - 15.1 DevOps와 CI/CD
135 |     - 15.2 CI 파이프라인
136 |     - 15.3 GitOps를 이용한 CD
137 |     - 15.4 로컬 쿠버네티스 개발
138 |     - 15.5 마치며
139 | 16. [사용자 정의 리소스](chapters/16)
140 |     - 16.1 사용자 정의 리소스란?
141 |     - 16.2 Operator 패턴
142 |     - 16.3 유용한 Operators
143 |     - 16.4 마치며
144 | 17. [Workflow 관리](chapters/17)
145 |     - 17.1 Argo workflow 소개
146 |     - 17.2 Workflow 구성하기
147 |     - 17.3 활용 방법 소개
148 |     - 17.4 마치며
149 | - 부록 쿠버네티스의 미래
150 |     - 클라우드 플랫폼 표준
151 |     - 애플리케이션 배포 표준화
152 |     - 범용 클러스터 플랫폼
153 |     - 마치며
154 | 
155 | ## 참고자료
156 | 
157 | ### VirtualBox를 이용한 k3s 클러스터 구축 방법 소개
158 | 
159 | Chapter 3 `쿠버네티스 설치`에 대한 참고자료입니다. 내 로컬 PC(윈도우)에서 클러스터를 구축하기 위해 VirtualBox를 이용하여 k3s 클러스터를 구축하는 방법에 대해서 소개합니다.
160 | 
161 | - [VirtualBox를 이용한 k3s 클러스터 구축](https://coffeewhale.com/kubernetes/cluster/virtualbox/2020/08/31/k8s-virtualbox)
162 | 
163 | ### 클라우드 서비스별 클러스터 구축 방법 소개
164 | 
165 | Chapter 11 `고급 스케줄링`에서 Node 레벨 고가용성 확보를 위한 Cluster Auto Scaler 예제를 따라하기 위한 클라우드 서비스별 클러스터 구축 방법을 설명드립니다.
166 | 
167 | - [AWS EKS 클러스터 구축](https://coffeewhale.com/kubernetes/cluster/eks/2020/09/03/k8s-eks/)
168 | - [GCP GKE 클러스터 구축](https://coffeewhale.com/kubernetes/cluster/gke/2020/09/04/k8s-gke/)
169 | 
170 | ### CI Pipeline 샘플코드
171 | 
172 | Chapter 15 `CI/CD`에서 Jenkins CI pipeline으로 활용하는 샘플코드입니다.
173 | 
174 | - [pipeline-sample/](pipeline-sample/) 디렉토리 참조 바랍니다.
175 | 
176 | 
177 | ### GitOps 단일 진실의 원천 배포 디렉토리
178 | 
179 | Chapter 15 `CI/CD`에서 FluxCD, ArgoCD에서 단일 진실의 원천으로 사용하는 샘플코드입니다.
180 | 
181 | - [gitops/](gitops/) 디렉토리 참조 바랍니다.
182 | 
183 | ## 오탈자 제보 및 문의 사항
184 | 
185 | 다음 2가지 방법을 이용하여 연락주시기 바랍니다.
186 | 
187 | - 깃허브 리파지토리 [issue 생성](https://github.com/bjpublic/core_kubernetes/issues/new)
188 | - `hongkunyoo (at) gmail.com` (저자, 유홍근)으로 메일 전송
189 | 


--------------------------------------------------------------------------------
/book-img.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bjpublic/core_kubernetes/8dc324a861013bbe9f2cfd95419900487216a857/book-img.png


--------------------------------------------------------------------------------
/chapters/01/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Dockerfile
 2 | FROM ubuntu:20.04
 3 | 
 4 | RUN apt-get update \
 5 |     && apt-get install -y \
 6 |       curl \
 7 |       python-dev
 8 | 
 9 | WORKDIR /root
10 | COPY hello.py .
11 | ENV my_ver 1.0
12 | 
13 | CMD ["python", "hello.py", "guest"]


--------------------------------------------------------------------------------
/chapters/01/README.md:
--------------------------------------------------------------------------------
  1 | # 1. 도커기초
  2 | 
  3 | ## 1.1 도커 소개
  4 | 
  5 | ### 1.1.3 도커 설치
  6 | 
  7 | ```bash
  8 | sudo apt update && sudo apt install -y docker.io net-tools
  9 | sudo usermod -aG docker $USER
 10 | 
 11 | # 서버를 재시작합니다.
 12 | sudo reboot
 13 | ```
 14 | 
 15 | 
 16 | ## 1.2 도커 기본 명령
 17 | 
 18 | ### 1.2.1 컨테이너 실행
 19 | 
 20 | ```bash
 21 | sudo apt install -y cowsay
 22 | cowsay hello world!
 23 | #  ______________
 24 | # < hello world! >
 25 | #  --------------
 26 | #         \   ^__^
 27 | #          \  (oo)\_______
 28 | #             (__)\       )\/\
 29 | #                 ||----w |
 30 | #                 ||     ||
 31 | # 
 32 | ```
 33 | 
 34 | ```bash
 35 | docker run docker/whalesay cowsay 'hello world!'
 36 | # Unable to find image 'docker/whalesay:latest' locally
 37 | # latest: Pulling from docker/whalesay
 38 | # 23cwc732thk4: Pull complete
 39 | # t4nb4f93jc42: Pull complete
 40 | # ...
 41 | #  ______________
 42 | # < hello world! >
 43 | #  --------------
 44 | #     \
 45 | #      \
 46 | #       \
 47 | #                     ##        .
 48 | #               ## ## ##       ==
 49 | #            ## ## ## ##      ===
 50 | #        /""""""""""""""""___/ ===
 51 | #   ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
 52 | #        \______ o          __/
 53 | #         \    \        __/
 54 | #           \____\______/
 55 | ```
 56 | 
 57 | ```bash
 58 | docker run docker/whalesay echo hello
 59 | # hello
 60 | ```
 61 | 
 62 | ```bash
 63 | # `-d` 옵션 추가
 64 | docker run -d nginx
 65 | # Unable to find image 'nginx:latest' locally
 66 | # latest: Pulling from library/nginx
 67 | # 5e6ec7f28fb7: Pull complete
 68 | # ab804f9bbcbe: Pull complete
 69 | # ...
 70 | # d7455a395f1a4745974b0be1372ea58c1499f52f97d96b48f92eb8fa765bc69f
 71 | ```
 72 | 
 73 | 
 74 | ### 1.2.2 컨테이너 조회
 75 | 
 76 | ```bash
 77 | docker ps
 78 | ```
 79 | 
 80 | ### 1.2.3 컨테이너 상세 정보 확인
 81 | 
 82 | ```bash
 83 | # docker ps를 통해 얻은 <CONTAINER_ID>로 상세 정보 확인
 84 | docker inspect d7455a395f1a
 85 | # [
 86 | #   {
 87 | #     "Id": "d7455a395f1a0f562af7a0878397953331b791c229a31b7eba0",
 88 | #     "Created": "2020-07-12T05:26:23.554118194Z",
 89 | #     "Path": "/",
 90 | #     "Args": [
 91 | #     ],
 92 | #     "State": {
 93 | #       "Status": "running",
 94 | #       "Running": true,
 95 | #       "Paused": false,
 96 | #       ...
 97 | ```
 98 | 
 99 | ### 1.2.4 컨테이너 로깅
100 | 
101 | ```bash
102 | docker logs -f d7455a395f1a
103 | # /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, ...
104 | # /docker-entrypoint.sh: Looking for shell scripts in ...
105 | # ...
106 | ```
107 | 
108 | `<CTRL>+<C>`로 로깅을 종료
109 | 
110 | ### 1.2.5 컨테이너 명령전달
111 | 
112 | ```bash
113 | # 새로운 패키지 설치
114 | docker exec d7455a395f1a sh -c 'apt update && apt install -y wget'
115 | docker exec d7455a395f1a wget localhost
116 | # ..
117 | # Saving to: 'index.html'
118 | #      0K .......... ..           166M=0s
119 | # 2020-07-16 15:15:43 (166 MB/s) - 'index.html' saved [13134]
120 | ```
121 | 
122 | ### 1.2.6 컨테이너 / 호스트간 파일 복사
123 | 
124 | ```bash
125 | # 호스트에서 컨테이너로 파일 복사
126 | docker cp /etc/passwd d7455a395f1a:/usr/share/nginx/html/.
127 | 
128 | # 확인
129 | docker exec d7455a395f1a curl -s localhost/passwd
130 | # root:x:0:0:root:/root:/bin/bash
131 | # daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
132 | # bin:x:2:2:bin:/bin:/usr/sbin/nologin
133 | # ...
134 | 
135 | # 반대로 컨테이너에서 호스트로 파일 복사
136 | docker cp d7455a395f1a:/usr/share/nginx/html/index.html .
137 | 
138 | # 확인
139 | cat index.html
140 | # <!DOCTYPE html>
141 | # <html>
142 | # <head>
143 | # <title>Welcome to nginx!</title>
144 | # ...
145 | ```
146 | 
147 | ### 1.2.7 컨테이너 중단
148 | 
149 | ```bash
150 | docker stop d7455a395f1a
151 | # d7455a395f1a
152 | 
153 | docker ps
154 | # CONTAINER ID    IMAGE   COMMAND   CREATED   STATUS   PORTS    NAMES
155 | 
156 | docker ps -a
157 | # CONTAINER ID   IMAGE  COMMAND       ...  STATUS       PORTS   NAMES
158 | # d7455a395f1a   nginx  "/docker..."  ...  Exited (0)           ...
159 | # ...
160 | ```
161 | 
162 | ### 1.2.8 컨테이너 재개
163 | 
164 | ```bash
165 | docker start d7455a395f1a
166 | # d7455a395f1a
167 | 
168 | docker ps
169 | # CONTAINER ID    IMAGE    COMMAND                  CREATED         ...
170 | # d7455a395f1a    nginx    "/docker-entrypoint.."   4 minutes ago   ...
171 | ```
172 | 
173 | ### 1.2.9 컨테이너 삭제
174 | 
175 | ```bash
176 | # 컨테이너 중단
177 | docker stop d7455a395f1a
178 | # d7455a395f1a
179 | 
180 | # 컨테이너 삭제
181 | docker rm d7455a395f1a
182 | # d7455a395f1a
183 | 
184 | # 컨테이너 조회, nginx가 사라졌습니다.
185 | docker ps -a
186 | # CONTAINER ID  IMAGE            COMMAND       ...  STATUS      ...
187 | # fc47859c2fdc  docker/whalesay  "echo hello"  ...  Exited (0)  ...
188 | # 32047a546124  docker/whalesay  "cowsay ..."  ...  Exited (0)  ...
189 | ```
190 | 
191 | ### 1.2.10 Interactive 컨테이너
192 | 
193 | ```bash
194 | docker run -it ubuntu:16.04 bash
195 | # Unable to find image 'ubuntu:16.04' locally
196 | 
197 | # 컨테이너 내부
198 | $root@1c23d59f4289:/#
199 | 
200 | $root@1c23d59f4289:/# cat /etc/os-release
201 | # NAME="Ubuntu"
202 | # VERSION="16.04.6 LTS (Xenial Xerus)"
203 | # ID=ubuntu
204 | # ID_LIKE=debian
205 | 
206 | # 컨테이너에서 빠져 나오기
207 | $root@1c23d59f4289:/# exit
208 | ```
209 | 
210 | ```bash
211 | # 컨테이너 실행
212 | docker run -d nginx
213 | # c4484sc501e9a
214 | 
215 | # exec 명령을 통해서 bash 접속
216 | docker exec -it c4484c501e9a bash
217 | 
218 | # 컨테이너 내부
219 | $root@c4484c501e9a:/#
220 | ```
221 | 
222 | 
223 | ## 1.3 도커 저장소
224 | 
225 | ### 1.3.2 이미지 tag 달기
226 | 
227 | ```bash
228 | docker tag nginx:latest <USERNAME>/nginx:1
229 | ```
230 | 
231 | 
232 | ### 1.3.3 이미지 확인
233 | 
234 | ```bash
235 | docker images
236 | # REPOSITORY         TAG        IMAGE ID        CREATED          SIZE
237 | # nginx              latest     89b0e8f41524    2 minutes ago    150MB
238 | # hongkunyoo/nginx   latest     89b0e8f41524    2 minutes ago    150MB
239 | # hongkunyoo/nginx   1          89b0e8f41524    2 minutes ago    150MB
240 | # ubuntu             16.04      330ae480cb85    8 days ago       125MB
241 | # docker/whalesay    latest     6b362a9f73eb    5 years ago      247MB
242 | ```
243 | 
244 | ### 1.3.4 도커허브 로그인
245 | 
246 | ```bash
247 | docker login
248 | # Username: <USERNAME>
249 | # Password: ****
250 | # WARNING! Your password will be stored unencrypted in ...
251 | # Configure a credential helper to remove this warning. See
252 | # https://docs.docker.com/engine/reference/commandline/login/#credentials-store
253 | 
254 | # Login Succeeded
255 | ```
256 | 
257 | ### 1.3.5 이미지 업로드
258 | 
259 | ```bash
260 | docker push <USERNAME>/nginx
261 | # The push refers to repository [docker.io/hongkunyoo/nginx]
262 | # f978b9ed3f26: Preparing
263 | # 9040af41bb66: Preparing
264 | ```
265 | 
266 | ### 1.3.6 이미지 다운로드
267 | 
268 | ```bash
269 | docker pull redis
270 | # Using default tag: latest
271 | # latest: Pulling from library/redis
272 | # ...
273 | # 85a6a5c53ff0: Pull complete
274 | 
275 | docker images
276 | # REPOSITORY         TAG         IMAGE ID        CREATED          SIZE
277 | # hongkunyoo/nginx   latest      89b0e8f41524    2 minutes ago    150MB
278 | # hongkunyoo/nginx   1           89b0e8f41524    2 minutes ago    150MB
279 | # nginx              latest      89b0e8f41524    2 minutes ago    150MB
280 | # redis              latest      235592615444    3 weeks ago      104MB
281 | # ubuntu             16.04      330ae480cb85    8 days ago       125MB
282 | # docker/whalesay    latest      6b362a9f73eb    5 years ago      247MB
283 | ```
284 | 
285 | ### 1.3.7 이미지 삭제
286 | 
287 | ```bash
288 | docker rmi redis
289 | # Untagged: redis:latest
290 | # Untagged: redis@sha256:800f2587bf3376cb01e6307afe599ddce9439deafbd...
291 | # Deleted: sha256:2355926154447ec75b25666ff5df14d1ab54f8bb4abf731be2fcb818c7a7f145
292 | 
293 | docker images
294 | # REPOSITORY         TAG       IMAGE ID         CREATED          SIZE
295 | # nginx              latest    89b0e8f41524     2 minutes ago    150MB
296 | # hongkunyoo/nginx   latest    89b0e8f41524     2 minutes ago    150MB
297 | # hongkunyoo/nginx   1         89b0e8f41524     2 minutes ago    150MB
298 | # ubuntu             16.04     330ae480cb85     8 days ago       125MB
299 | # docker/whalesay    latest    6b362a9f73eb     5 years ago      247MB
300 | ```
301 | 
302 | ## 1.4 도커파일 작성
303 | 
304 | ### 1.4.1 Dockerfile 기초
305 | 
306 | ```python
307 | # hello.py
308 | import os
309 | import sys
310 | 
311 | my_ver = os.environ["my_ver"]
312 | arg = sys.argv[1]
313 | 
314 | print("hello %s, my version is %s!" % (arg, my_ver))
315 | ```
316 | 
317 | ```Dockerfile
318 | # Dockerfile
319 | FROM ubuntu:20.04
320 | 
321 | RUN apt-get update \
322 |     && apt-get install -y \
323 |       curl \
324 |       python-dev
325 | 
326 | WORKDIR /root
327 | COPY hello.py .
328 | ENV my_ver 1.0
329 | 
330 | CMD ["python", "hello.py", "guest"]
331 | ```
332 | 
333 | ### 1.4.2 도커 빌드
334 | 
335 | ```bash
336 | # 현재 디렉토리에 위치한 Dockerfile을 이용하여 hello:1 이미지를 생성하라
337 | docker build . -t hello:1
338 | # Sending build context to Docker daemon   21.5kB
339 | # Step 1/6 : FROM ubuntu:20.04
340 | #  ---> 8e4ce0a6ce69
341 | # Step 2/6 : RUN apt-get update && apt-get install -y curl
342 | #  ---> Running in 2d62d9ed92f
343 | # ...
344 | 
345 | docker run hello:1
346 | # hello guest, my version is 1.0!
347 | 
348 | # 파라미터를 넘기게 되면 기존 `CMD`는 override 됩니다.
349 | # echo
350 | docker run hello:1 echo "hello world!"
351 | # hello world!
352 | 
353 | # cat
354 | docker run hello:1 cat hello.py
355 | # import os
356 | # import sys
357 | # ...
358 | 
359 | # pwd
360 | docker run hello:1 pwd
361 | # /root
362 | ```
363 | 
364 | ```bash
365 | docker run -e my_ver=1.5 hello:1
366 | # hello guest, my version is 1.5!
367 | ```
368 | 
369 | ### 1.4.3 Dockerfile 심화
370 | 
371 | #### ARG
372 | 
373 | ```Dockerfile
374 | # Dockerfile
375 | FROM ubuntu:20.04
376 | 
377 | RUN apt-get update \
378 |     && apt-get install -y \
379 |       curl \
380 |       python-dev
381 | 
382 | ARG my_ver=1.0
383 | 
384 | WORKDIR /root
385 | COPY hello.py .
386 | ENV my_ver $my_ver
387 | 
388 | CMD ["python", "hello.py", "guest"]
389 | ```
390 | 
391 | ```bash
392 | docker build . -t hello:2 --build-arg my_ver=2.0
393 | 
394 | docker run hello:2
395 | # hello guest, my version is 2.0!
396 | ```
397 | 
398 | ```bash
399 | docker run -e my_ver=2.5 hello:2
400 | # hello guest, my version is 2.5!
401 | ```
402 | 
403 | #### ENTRYPOINT
404 | 
405 | ```Dockerfile
406 | # Dockerfile
407 | FROM ubuntu:20.04
408 | 
409 | RUN apt-get update \
410 |     && apt-get install -y \
411 |       curl \
412 |       python-dev
413 | 
414 | WORKDIR /root
415 | COPY hello.py .
416 | ENV my_ver 1.0
417 | 
418 | ENTRYPOINT ["python", "hello.py", "guest"]
419 | ```
420 | 
421 | ```bash
422 | docker build . -t hello:3
423 | 
424 | docker run hello:3
425 | # hello guest, my version is 1.0!
426 | 
427 | # 실행명령을 전달해도 ENTRYPOINT 그대로 실행됩니다.
428 | docker run hello:3 echo "hello"
429 | # hello guest, my version is 1.0!
430 | ```
431 | 
432 | ```Dockerfile
433 | # Dockerfile
434 | FROM ubuntu:20.04
435 | 
436 | RUN apt-get update \
437 |     && apt-get install -y \
438 |       curl \
439 |       python-dev
440 | 
441 | WORKDIR /root
442 | COPY hello.py .
443 | ENV my_ver 1.0
444 | 
445 | # guest를 삭제합니다. hello.py가 새로운 파라미터를 받을 수 있게 만듭니다.
446 | ENTRYPOINT ["python", "hello.py"]
447 | ```
448 | 
449 | ```bash
450 | docker build . -t hello:4
451 | 
452 | # new-guest 파라미터를 전달합니다.
453 | docker run hello:4 new-guest
454 | # hello new-guest, my version is 1.0!
455 | ```
456 | 
457 | ## 1.5 도커 실행 고급
458 | 
459 | ### 1.5.1 Network
460 | 
461 | ```bash
462 | docker run -p 5000:80 -d nginx
463 | # rlasdf0234klcvmz904390zxhvksdf230zxc
464 | 
465 | # 5000번으로 localhost 호출을 합니다.
466 | curl localhost:5000
467 | # <!DOCTYPE html>
468 | # <html>
469 | # <head>
470 | # <title>Welcome to nginx!</title>
471 | # ...
472 | 
473 | # 내부/공인IP로도 확인해 봅니다.
474 | curl <내부 혹은 공인IP>:5000
475 | # <!DOCTYPE html>
476 | # <html>
477 | # <head>
478 | # <title>Welcome to nginx!</title>
479 | # ...
480 | ```
481 | 
482 | ### 1.5.2 Volume
483 | 
484 | ```bash
485 | # 현재 디렉토리를 컨테이너의 nginx 디렉토리와 연결합니다.
486 | docker run -p 6000:80 -v $(pwd):/usr/share/nginx/html/ -d nginx
487 | 
488 | # 현재 디렉토리에 hello.txt 파일을 생성합니다.
489 | echo hello! >> $(pwd)/hello.txt
490 | 
491 | # nginx 내부에서 해당 파일이 보이는지 확인합니다.
492 | curl localhost:6000/hello.txt
493 | # hello!
494 | ```
495 | 
496 | ### 1.5.3 Entrypoint
497 | 
498 | ```Dockerfile
499 | # Dockerfile
500 | FROM ubuntu:18.04
501 | 
502 | ENTRYPOINT ["echo"]
503 | ```
504 | 
505 | ```bash
506 | docker build . -t lets-echo
507 | 
508 | docker run lets-echo hello
509 | # hello
510 | 
511 | # cat의 결과가 출력되는 것을 기대하나 cat '/etc/passwd' 라는 문자열이 출력됨
512 | docker run lets-echo cat /etc/password
513 | # cat /etc/password
514 | 
515 | # entrypoint를 cat 명령으로 override
516 | docker run --entrypoint=cat lets-echo /etc/passwd
517 | # root:x:0:0:root:/root:/bin/bash
518 | # daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
519 | # bin:x:2:2:bin:/bin:/usr/sbin/nologin
520 | # ...
521 | ```
522 | 
523 | ### 1.5.4 User
524 | 
525 | ```Dockerfile
526 | # Dockerfile
527 | FROM ubuntu:18.04
528 | 
529 | # Ubuntu 유저 생성
530 | RUN adduser --disabled-password --gecos "" ubuntu
531 | 
532 | # 컨테이너 실행 시 ubuntu 유저로 설정
533 | USER ubuntu
534 | ```
535 | 
536 | ```bash
537 | # my-user 라는 이미지 생성
538 | docker build . -t my-user
539 | 
540 | # ubuntu라는 유저로 컨테이너 실행
541 | docker run -it my-user bash
542 | ubuntu@b09ce82d4a77:/$
543 | 
544 | ubuntu@b09ce82d4a77:/$ apt update
545 | # Reading package lists... Done
546 | # E: List directory /var/lib/apt/lists/partial is missing.
547 | # - Acquire (13: Permission denied)
548 | 
549 | ubuntu@b09ce82d4a77:/$ exit
550 | 
551 | # 강제로 root 유저 사용
552 | docker run --user root -it my-user bash
553 | root@0ac2522215e8:/$ apt update
554 | # Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
555 | # Get:2 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
556 | # ...
557 | 
558 | root@0ac2522215e8:/$ exit
559 | ```
560 | 
561 | ### Clean up
562 | 
563 | ```bash
564 | docker rm $(docker ps -aq) -f
565 | docker rmi $(docker images -q) -f
566 | ```
567 | 


--------------------------------------------------------------------------------
/chapters/01/hello.py:
--------------------------------------------------------------------------------
1 | # hello.py
2 | import os
3 | import sys
4 | 
5 | my_ver = os.environ["my_ver"]
6 | arg = sys.argv[1]
7 | 
8 | print("hello %s, my version is %s!" % (arg, my_ver))
9 | 


--------------------------------------------------------------------------------
/chapters/02/README.md:
--------------------------------------------------------------------------------
 1 | # 2. 쿠버네티스 소개
 2 | 
 3 | ## 쿠버네티스란?
 4 | 
 5 | - 쿠버네티스 공식 웹사이트 : [https://kubernetes.io/](https://kubernetes.io/)
 6 | - 쿠버네티스  깃허브 : [https://github.com/kubernetes/kubernetes](https://github.com/kubernetes/kubernetes)
 7 | 
 8 | 
 9 | ## 쿠버네티스 읽을거리
10 | 
11 | ### 블로그
12 | 
13 | - [쿠버네티스 전신, Borg](https://kubernetes.io/blog/2015/04/borg-predecessor-to-kubernetes)
14 | - [쿠버네티스란 무엇인가?](https://subicura.com/2019/05/19/kubernetes-basic-1.html)
15 | - [쿠버네티스 관련 블로그: coffeewhale.com](https://coffeewhale.com)
16 | 
17 | ### 데모 클러스터
18 | - [Play with k8s](https://labs.play-with-k8s.com/)
19 | - [Playground](https://www.katacoda.com/courses/kubernetes/playground)
20 | 
21 | ### Examples & Tutorials
22 | - [쿠버네티스 공식 튜토리얼](https://kubernetes.io/docs/tutorials/)
23 | - [쿠버네티스 example](https://kubernetesbyexample.com/)
24 | 
25 | ### 책
26 | - [The Kubernetes Book](https://www.amazon.com/Kubernetes-Book-Version-January-2018-ebook/dp/B072TS9ZQZ/ref=sr_1_3?ie=UTF8&qid=1528625195&sr=8-3&keywords=kubernetes&dpID=41SyKBO3UcL&preST=_SX342_QL70_&dpSrc=srch)
27 | - [Designing Distributed System](https://azure.microsoft.com/en-us/resources/designing-distributed-systems/en-us/)
28 | 
29 | 


--------------------------------------------------------------------------------
/chapters/03/README.md:
--------------------------------------------------------------------------------
  1 | # 3. 쿠버네티스 설치
  2 | 
  3 | 
  4 | ### 3.2.2 마스터 노드 설치
  5 | 
  6 | ```bash
  7 | sudo apt update
  8 | sudo apt install -y docker.io nfs-common dnsutils curl
  9 | 
 10 | # k3s 마스터 설치
 11 | curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="\
 12 |     --disable traefik \
 13 |     --disable metrics-server \
 14 |     --node-name master --docker" \
 15 |     INSTALL_K3S_VERSION="v1.18.6+k3s1" sh -s -
 16 | 
 17 | # 마스터 통신을 위한 설정
 18 | mkdir ~/.kube
 19 | sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
 20 | sudo chown -R $(id -u):$(id -g) ~/.kube
 21 | echo "export KUBECONFIG=~/.kube/config" >> ~/.bashrc
 22 | source ~/.bashrc
 23 | 
 24 | # 설치 확인
 25 | kubectl cluster-info
 26 | # Kubernetes master is running at https://127.0.0.1:6443
 27 | # CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces...
 28 | # 
 29 | # To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
 30 | 
 31 | kubectl get node -o wide
 32 | # NAME     STATUS   ROLES    AGE   VERSION        INTERNAL-IP    ...
 33 | # master   Ready    master   27m   v1.18.6+k3s1   10.0.1.1       ...
 34 | ```
 35 | 
 36 | ```bash
 37 | # 마스터 노드 토큰 확인
 38 | NODE_TOKEN=$(sudo cat /var/lib/rancher/k3s/server/node-token)
 39 | echo $NODE_TOKEN
 40 | # K10e6f5a983710a836b9ad21ca4a99fcxx::server:c8ae61726384c19726022879xx
 41 | 
 42 | MASTER_IP=$(kubectl get node master -ojsonpath="{.status.addresses[0].address}")
 43 | echo $MASTER_IP
 44 | # 10.0.1.1
 45 | ```
 46 | 
 47 | 
 48 | ### 3.2.3 워커 노드 추가
 49 | 
 50 | ```bash
 51 | NODE_TOKEN=<마스터에서 확인한 토큰 입력>
 52 | MASTER_IP=<마스터에서 얻은 내부IP 입력>
 53 | 
 54 | sudo apt update
 55 | sudo apt install -y docker.io nfs-common curl
 56 | 
 57 | # k3s 워커 노드 설치
 58 | curl -sfL https://get.k3s.io | K3S_URL=https://$MASTER_IP:6443 \
 59 |     K3S_TOKEN=$NODE_TOKEN \
 60 |     INSTALL_K3S_EXEC="--node-name worker --docker" \
 61 |     INSTALL_K3S_VERSION="v1.18.6+k3s1" sh -s -
 62 | ```
 63 | 
 64 | 
 65 | ### 3.2.4 설치문제 해결 방법
 66 | 
 67 | #### 1) 마스터 노드 로그 확인
 68 | 
 69 | ```bash
 70 | # 마스터 노드 상태 확인
 71 | sudo systemctl status k3s.service
 72 | # * k3s.service - Lightweight Kubernetes
 73 | #   ...
 74 | #   CGroup: /system.slice/k3s.service
 75 | #           └─955 /usr/local/bin/k3s server --disable traefik \
 76 | #                                           --disable metrics-server \
 77 | #                                           --node-name master \
 78 | #                                           --docker
 79 | #
 80 | # Aug 11 17:37:09 ip-10-0-1-1 k3s[955]: I0811 17:37:09.189289   ...
 81 | # Aug 11 17:37:14 ip-10-0-1-1 k3s[955]: I0811 17:37:14.190442   ...
 82 | # ...
 83 | 
 84 | # journald 로그 확인
 85 | sudo journalctl -u k3s.service
 86 | # Jul 13 17:51:08 ip-10-0-1-1 k3s[955]: W0713 17:51:08.168244   ...
 87 | # Jul 13 17:51:08 ip-10-0-1-1 k3s[955]: I0713 17:51:08.649295   ...
 88 | # ...
 89 | ```
 90 | 
 91 | 에러 메세지나 exception 메세지를 확인합니다.
 92 | 
 93 | #### 2) 워커 노드 로그 확인
 94 | 
 95 | ```bash
 96 | # 워커 노드 상태 확인
 97 | sudo systemctl status k3s-agent.service
 98 | # * k3s-agent.service - Lightweight Kubernetes
 99 | #   ...
100 | #   CGroup: /system.slice/k3s-agent.service
101 | #           └─955 /usr/local/bin/k3s agent --token K10e6f5a983710 ..\
102 | #                                          --server 10.0.1.1 \
103 | #                                          --node-name worker \
104 | #                                          --docker
105 | #
106 | # Aug 11 17:37:09 ip-10-0-1-2 k3s[955]: I0811 17:37:09.189289   ...
107 | # Aug 11 17:37:14 ip-10-0-1-2 k3s[955]: I0811 17:37:14.190442   ...
108 | # ...
109 | 
110 | # journald 로그 확인
111 | sudo journalctl -u k3s-agent.service
112 | # Jul 13 17:51:08 ip-10-0-1-2 k3s[955]: W0713 17:51:08.168244   ...
113 | # Jul 13 17:51:08 ip-10-0-1-2 k3s[955]: I0713 17:51:08.649295   ...
114 | # ...
115 | ```
116 | 
117 | 체크리스트
118 | 
119 | - `NODE_TOKEN` 값이 제대로 설정 되었나요?
120 | - `MASTER_IP`가 제대로 설정 되었나요?
121 | - 워커 노드에서 마스터 노드로 IP 연결이 가능한가요?
122 | - 마스터, 워커 노드에 적절한 포트가 열려 있나요?
123 | 
124 | 
125 | #### 3) 마스터 & 워커 노드 재설치
126 | 
127 | 마스터 노드에서 다음 명령을 수행하여 마스터를 제거하시기 바랍니다.
128 | 
129 | ```bash
130 | /usr/local/bin/k3s-uninstall.sh
131 | ```
132 | 
133 | 워커 노드에서 다음 명령을 수행하여 워커를 제거하시기 바랍니다.
134 | 
135 | ```bash
136 | /usr/local/bin/k3s-agent-uninstall.sh
137 | ```
138 | 
139 | 삭제 완료 후, 처음부터 다시 재설치를 진행합니다.
140 | 
141 | 
142 | #### 4) 공식문서 참고
143 | 
144 | [https://rancher.com/docs/k3s/latest/en/installation](https://rancher.com/docs/k3s/latest/en/installation)


--------------------------------------------------------------------------------
/chapters/04/README.md:
--------------------------------------------------------------------------------
  1 | # 4. 쿠버네티스 첫 만남
  2 | 
  3 | ## 4.1 기본 명령
  4 | 
  5 | ### 4.1.1 컨테이너 실행
  6 | 
  7 | ```bash
  8 | kubectl run mynginx --image nginx
  9 | # pod/mynginx created
 10 | ```
 11 | 
 12 | ### 4.1.2 컨테이너 조회
 13 | 
 14 | ```bash
 15 | kubectl get pod
 16 | # NAME      READY   STATUS    RESTARTS   AGE
 17 | # mynginx   1/1     Running   0          2s
 18 | ```
 19 | 
 20 | ```bash
 21 | kubectl get pod mynginx -o yaml
 22 | # apiVersion: v1
 23 | # kind: Pod
 24 | # metadata:
 25 | #   creationTimestamp: "2020-06-21T06:54:52Z"
 26 | #   labels:
 27 | #     run: mynginx
 28 | #   managedFields:
 29 | #   - apiVersion: v1
 30 | #   ...
 31 | #   ...
 32 | #   name: mynginx
 33 | #   namespace: default
 34 | #   resourceVersion: "11160054"
 35 | #   ...
 36 | ```
 37 | 
 38 | ```bash
 39 | kubectl get pod -o wide
 40 | # NAME     READY   STATUS    RESTARTS   AGE  IP            NODE    ...
 41 | # mynginx  1/1     Running   0          6s   10.42.0.226   worker  ...
 42 | ```
 43 | 
 44 | ### 4.1.3 컨테이너 상세 정보 확인
 45 | 
 46 | ```bash
 47 | kubectl describe pod mynginx
 48 | # Name:         mynginx
 49 | # Namespace:    default
 50 | # Priority:     0
 51 | # Node:         worker/10.0.1.2
 52 | # Start Time:   Sun, 21 Jun 2020 06:54:52 +0000
 53 | # Labels:       run=mynginx
 54 | # Annotations:  <none>
 55 | # Status:       Running
 56 | # IP:           10.42.0.155
 57 | # IPs:
 58 | #   IP:  10.42.0.155
 59 | # ....
 60 | ```
 61 | 
 62 | ### 4.1.4 컨테이너 로깅
 63 | 
 64 | ```bash
 65 | kubectl logs -f mynginx
 66 | # /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will ...
 67 | # /docker-entrypoint.sh: Looking for shell scripts in /docker-...
 68 | # ...
 69 | ```
 70 | 
 71 | ### 4.1.5 컨테이너 명령 전달
 72 | 
 73 | ```bash
 74 | # mynginx에 apt-update 명령을 전달합니다.
 75 | kubectl exec mynginx -- apt-get update
 76 | # Get:1 http://security.debian.org/debian-security buster/updates ...
 77 | # Get:2 http://deb.debian.org/debian buster InRelease [121 kB]
 78 | # Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
 79 | # ...
 80 | ```
 81 | 
 82 | ```bash
 83 | kubectl exec -it mynginx -- bash
 84 | 
 85 | $root@mynginx:/# hostname
 86 | # mynginx
 87 | 
 88 | # 컨테이너 exit
 89 | $root@mynginx:/# exit
 90 | ```
 91 | 
 92 | ### 4.1.6 컨테이너 / 호스트간 파일 복사
 93 | 
 94 | ```bash
 95 | # <HOST> --> <CONTAINER>
 96 | kubectl cp /etc/passwd mynginx:/tmp/passwd
 97 | 
 98 | # exec 명령으로 복사가 되었는지 확인합니다.
 99 | kubectl exec mynginx -- ls /tmp/passwd
100 | # /tmp/passwd
101 | 
102 | kubectl exec mynginx -- cat /tmp/passwd
103 | # root:x:0:0:root:/root:/bin/bash
104 | # daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
105 | # bin:x:2:2:bin:/bin:/usr/sbin/nologin
106 | # ...
107 | ```
108 | 
109 | ### 4.1.7 컨테이너 정보 수정
110 | 
111 | ```bash
112 | kubectl edit pod mynginx
113 | # apiVersion: v1
114 | # kind: Pod
115 | # metadata:
116 | #   creationTimestamp: "..."
117 | #   labels:
118 | #     hello: world        # <-- 라벨 추가
119 | #     run: mynginx
120 | #   managedFields:
121 | #   ...
122 | ```
123 | 
124 | ```bash
125 | # mynginx 상세 정보 조회
126 | kubectl get pod mynginx -oyaml
127 | # apiVersion: v1
128 | # kind: Pod
129 | # metadata:
130 | #   creationTimestamp: "..."
131 | #   labels:
132 | #     hello: world        # <-- 추가된 라벨 학인
133 | #     run: mynginx
134 | #   ...
135 | ```
136 | 
137 | ### 4.1.8 컨테이너 삭제
138 | 
139 | ```bash
140 | kubectl delete pod mynginx
141 | # pod mynginx deleted
142 | 
143 | kubectl get pod
144 | # No resources found ..
145 | ```
146 | 
147 | ### 4.1.9 선언형 명령 정의서 (YAML) 기반의 컨테이너 생성
148 | 
149 | ```yaml
150 | # mynginx.yaml
151 | apiVersion: v1
152 | kind: Pod
153 | metadata:
154 |   name: mynginx
155 | spec:
156 |   containers: 
157 |   - name: mynginx
158 |     image: nginx
159 | ```
160 | 
161 | ```bash
162 | ls
163 | # mynginx.yaml
164 | 
165 | kubectl apply -f mynginx.yaml
166 | # pod/mynginx created
167 | 
168 | kubectl get pod 
169 | # NAME      READY   STATUS      RESTARTS   AGE
170 | # mynginx   1/1     Running     1          6s
171 | 
172 | kubectl get pod mynginx -oyaml
173 | # apiVersion: v1
174 | # kind: Pod
175 | # metadata:
176 | #   ...
177 | #   name: mynginx
178 | #   ...
179 | # spec:
180 | #   containers:
181 | #   - image: nginx
182 | #     name: mynginx
183 | #   ...
184 | ```
185 | 
186 | ```bash
187 | kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/simple-pod.yaml
188 | # pod/nginx created
189 | 
190 | kubectl delete -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/pods/simple-pod.yaml
191 | # pod/nginx deleted
192 | ```
193 | 
194 | ```yaml
195 | # mynginx.yaml
196 | apiVersion: v1
197 | kind: Pod
198 | metadata:
199 |   labels:
200 |     hello: world          # <-- 라벨 추가
201 |   name: mynginx
202 | spec:
203 |   containers: 
204 |   - name: mynginx
205 |     image: nginx:1.17.2   # <-- 기존 latest에서 1.17.2로 변경
206 | ```
207 | 
208 | ```bash
209 | kubectl apply -f mynginx.yaml
210 | # pod/mynginx configured
211 | 
212 | kubectl get pod 
213 | # NAME      READY   STATUS      RESTARTS   AGE
214 | # mynginx   1/1     Running     1          3m48s
215 | 
216 | kubectl get pod mynginx -oyaml
217 | # apiVersion: v1
218 | # kind: Pod
219 | # metadata:
220 | #   labels:
221 | #     hello: world
222 | #   ...
223 | #   name: mynginx
224 | #   ...
225 | # spec:
226 | #   containers:
227 | #   - image: nginx:1.17.2
228 | #     name: mynginx
229 | #   ...
230 | ```
231 | 
232 | ```bash
233 | kubectl apply -f mynginx.yaml
234 | # pod/mynginx unchanged
235 | 
236 | kubectl get pod 
237 | # NAME      READY   STATUS      RESTARTS   AGE
238 | # mynginx   1/1     Running     1          3m48s
239 | 
240 | kubectl get pod mynginx -oyaml
241 | # apiVersion: v1
242 | # kind: Pod
243 | # metadata:
244 | #   labels:
245 | #     hello: world
246 | #   ...
247 | #   name: mynginx
248 | #   ...
249 | # spec:
250 | #   containers:
251 | #   - image: nginx:1.17.2
252 | #     name: mynginx
253 | #   ...
254 | ```
255 | 
256 | ## 4.2 고급 명령
257 | 
258 | ### 4.2.1 리소스별 명령
259 | 
260 | ```bash
261 | kubectl get service
262 | # NAME         TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)  AGE
263 | # kubernetes   ClusterIP  10.43.0.1    <none>        443/TCP  13d
264 | 
265 | # describe 명령도 동일하게 작동합니다.
266 | kubectl describe service kubernetes
267 | # Name:              kubernetes
268 | # Namespace:         default
269 | # Labels:            component=apiserver
270 | #                    provider=kubernetes
271 | #  ...
272 | ```
273 | 
274 | ```bash
275 | kubectl get node
276 | # NAME     STATUS   ROLES    AGE   VERSION
277 | # master   Ready    master   13d   v1.18.6+k3s1
278 | # worker   Ready             13d   v1.18.6+k3s1
279 | 
280 | kubectl describe node master
281 | # Name:               master
282 | # Roles:              master
283 | # Labels:             beta.kubernetes.io/arch=amd64
284 | #                     beta.kubernetes.io/instance-type=k3s
285 | # ...
286 | ```
287 | 
288 | ### 4.2.2 네임스페이스
289 | 
290 | ```bash
291 | kubectl get namespace
292 | # NAME             STATUS   AGE
293 | # default          Active   12m
294 | # kube-system      Active   12m
295 | # kube-public      Active   12m
296 | # kube-node-lease  Active   12m 
297 | 
298 | kubectl describe namespace kube-system
299 | # Name:         kube-system
300 | # Labels:       <none>
301 | # Annotations:  <none>
302 | # ...
303 | ```
304 | 
305 | ```bash
306 | kubectl run mynginx-ns --image nginx --namespace kube-system
307 | # pod/mynginx-ns created
308 | 
309 | # kube-system 네임스페이스에서 Pod 확인
310 | kubectl get pod mynginx-ns -n kube-system  # --namespace를 -n로 축약 가능
311 | # NAME        READY   STATUS    RESTARTS   AGE
312 | # mynginx-ns  1/1     Running   0          13s
313 | 
314 | kubectl delete pod mynginx-ns -n kube-system
315 | # pod/mynginx-ns deleted
316 | ```
317 | 
318 | ```bash
319 | kubectl get pod -n default
320 | # NAME      READY   STATUS    RESTARTS   AGE
321 | # mynginx   1/1     Running   0          71m
322 | 
323 | kubectl get pod
324 | # NAME      READY   STATUS    RESTARTS   AGE
325 | # mynginx   1/1     Running   0          71m
326 | ```
327 | 
328 | ### 4.2.3 자동완성 기능
329 | 
330 | [https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion](https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion)
331 | 
332 | ```bash
333 | echo 'source <(kubectl completion bash)' >> ~/.bashrc
334 | source ~/.bashrc
335 | ```
336 | 
337 | ```bash
338 | kubectl run yournginx --image nginx
339 | # pod/yournginx created
340 | ```
341 | 
342 | ```bash
343 | kubectl get pod <TAB>
344 | # mynginx     yournginx
345 | ```
346 | 
347 | ### 4.2.4 즉석 리소스 생성 
348 | 
349 | ```bash
350 | # 즉석에서 YALM 문서를 생성하여 쿠버네티스에게 전달
351 | cat << EOF | kubectl apply -f -
352 | apiVersion: v1
353 | kind: Pod
354 | metadata:
355 |   name: cat-nginx
356 | spec:
357 |   containers:
358 |   - image: nginx
359 |     name: cat-nginx
360 | EOF
361 | # pod/cat-nginx created
362 | ```
363 | 
364 | ### 4.2.5 리소스 특정 정보 추출
365 | 
366 | ```bash
367 | kubectl get node master -o yaml
368 | # apiVersion: v1
369 | # kind: Node
370 | # metadata:
371 | #   annotations:
372 | #   ...
373 | # spec:
374 | #   podCIDR: 10.42.0.0/24
375 | #   podCIDRs:
376 | #   - 10.42.0.0/24
377 | #   providerID: k3s://master
378 | # status:
379 | #   addresses:
380 | #   - address: 10.0.1.1
381 | #     type: InternalIP
382 | #   - address: master
383 | #     type: Hostname
384 | ```
385 | 
386 | ```bash
387 | kubectl get node master -o wide
388 | # NAME     STATUS   ROLES    AGE   VERSION        INTERNAL-IP     ...
389 | # master   Ready    master   27m   v1.18.6+k3s1   10.0.1.1        ...
390 | ```
391 | 
392 | ```bash
393 | kubectl get node master -o jsonpath="{.status.addresses[0].address}"
394 | # 10.0.1.1
395 | ```
396 | 
397 | `jsonpath`에 대한 상세 사용법 참고
398 | 
399 | [https://kubernetes.io/docs/reference/kubectl/jsonpath](https://kubernetes.io/docs/reference/kubectl/jsonpath/)
400 | 
401 | ### 4.2.6 모든 리소스 조회
402 | 
403 | ```bash
404 | kubectl api-resources
405 | # NAME        SHORTNAMES  APIGROUP  NAMESPACED   KIND
406 | # namespaces  ns                    false        Namespace
407 | # nodes       no                    false        Node
408 | # pods        po                    true         Pod
409 | # ...
410 | ```
411 | 
412 | ```bash
413 | kubectl api-resources --namespaced=true 
414 | # NAME          SHORTNAMES   APIGROUP  NAMESPACED   KIND
415 | # bindings                             true         Binding
416 | # configmaps    cm                     true         ConfigMap
417 | # endpoints     ep                     true         Endpoints
418 | # events        ev                     true         Event
419 | ```
420 | 
421 | ### 4.2.7 리소스 설명
422 | 
423 | ```bash
424 | # Pod에 대한 정의를 확인할 수 있습니다.
425 | kubectl explain pods
426 | # KIND:     Pod
427 | # VERSION:  v1
428 | # 
429 | # DESCRIPTION:
430 | #      Pod is a collection of containers that can run on a host. 
431 | #      This resource is created by clients and scheduled onto hosts.
432 | # 
433 | # FIELDS:
434 | #    apiVersion   <string>
435 | #      APIVersion defines the versioned schema of this representation 
436 | # ....
437 | ```
438 | 
439 | ### 4.2.8 클러스터 상태 확인 
440 | 
441 | ```bash
442 | # 쿠버네티스 API서버 작동 여부 확인
443 | kubectl cluster-info
444 | 
445 | # 전체 노드 상태 확인
446 | kubectl get node
447 | 
448 | # 쿠버네티스 핵심 컴포넌트의 Pod 상태 확인
449 | kubectl get pod -n kube-system
450 | ```
451 | 
452 | ### 4.2.9 클라이언트 설정파일
453 | 
454 | ```bash
455 | kubectl config view
456 | # apiVersion: v1
457 | # clusters:
458 | # - cluster:
459 | #     certificate-authority-data: DATA+OMITTED
460 | #     server: https://127.0.0.1:6443
461 | #   name: default
462 | # ...
463 | ```
464 | 
465 | ```bash
466 | cat $HOME/.kube/config
467 | # apiVersion: v1
468 | # clusters:
469 | # - cluster:
470 | #     certificate-authority-data: ....
471 | #     server: https://127.0.0.1:6443
472 | #   name: default
473 | # contexts:
474 | # - context:
475 | #     cluster: default
476 | #     user: default
477 | #   name: default
478 | # current-context: default
479 | # kind: Config
480 | # preferences: {}
481 | # users:
482 | # - name: default
483 | #   user:
484 | #     password: ...
485 | #     username: admin
486 | ```
487 | 
488 | ### 4.2.10 `kubectl` 명령 치트시트
489 | 
490 | [https://kubernetes.io/docs/reference/kubectl/cheatsheet/](https://kubernetes.io/docs/reference/kubectl/cheatsheet/)
491 | 
492 | ### Clean Up
493 | 
494 | ```bash
495 | kubectl delete pod --all
496 | ```


--------------------------------------------------------------------------------
/chapters/04/mynginx.yaml:
--------------------------------------------------------------------------------
1 | # mynginx.yaml
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 |   name: mynginx
6 | spec:
7 |   containers: 
8 |   - name: mynginx
9 |     image: nginx


--------------------------------------------------------------------------------
/chapters/05/cmd.yaml:
--------------------------------------------------------------------------------
 1 | # cmd.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: cmd
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers: 
 9 |   - name: nginx
10 |     image: nginx
11 |     # 실행명령
12 |     command: ["/bin/echo"]
13 |     # 파라미터
14 |     args: ["hello"]


--------------------------------------------------------------------------------
/chapters/05/downward-env.yaml:
--------------------------------------------------------------------------------
 1 | # downward-env.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: downward-env
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: downward
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "printenv"]
12 |     env:
13 |     - name: NODE_NAME
14 |       valueFrom:
15 |         fieldRef:
16 |           fieldPath: spec.nodeName
17 |     - name: POD_NAME
18 |       valueFrom:
19 |         fieldRef:
20 |           fieldPath: metadata.name
21 |     - name: POD_NAMESPACE
22 |       valueFrom:
23 |         fieldRef:
24 |           fieldPath: metadata.namespace
25 |     - name: POD_IP
26 |       valueFrom:
27 |         fieldRef:
28 |           fieldPath: status.podIP


--------------------------------------------------------------------------------
/chapters/05/downward-volume.yaml:
--------------------------------------------------------------------------------
 1 | # downward-volume.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: downward-volume
 6 |   labels:
 7 |     zone: ap-north-east
 8 |     cluster: cluster1
 9 | spec:
10 |   restartPolicy: OnFailure
11 |   containers:
12 |   - name: downward
13 |     image: k8s.gcr.io/busybox
14 |     command: ["sh", "-c"]
15 |     args: ["cat /etc/podinfo/labels"]
16 |     volumeMounts:
17 |     - name: podinfo
18 |       mountPath: /etc/podinfo
19 |   volumes:
20 |   - name: podinfo
21 |     downwardAPI:
22 |       items:
23 |       - path: "labels"
24 |         fieldRef:
25 |           fieldPath: metadata.labels


--------------------------------------------------------------------------------
/chapters/05/env.yaml:
--------------------------------------------------------------------------------
 1 | # env.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: env
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     env:
11 |     - name: hello
12 |       value: "world!"


--------------------------------------------------------------------------------
/chapters/05/game-volume.yaml:
--------------------------------------------------------------------------------
 1 | # game-volume.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: game-volume
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: game-volume
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "/bin/sh", "-c", "cat /etc/config/game.properties" ]
12 |     volumeMounts:
13 |     - name: game-volume
14 |       mountPath: /etc/config
15 |   volumes:
16 |   - name: game-volume
17 |     configMap:
18 |       name: game-config


--------------------------------------------------------------------------------
/chapters/05/game.properties:
--------------------------------------------------------------------------------
1 | # game.properties
2 | weapon=gun
3 | health=3
4 | potion=5


--------------------------------------------------------------------------------
/chapters/05/init-container.yaml:
--------------------------------------------------------------------------------
 1 | # init-container.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: init-container
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers: 
 9 |   - name: busybox
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "ls" ]
12 |     args: [ "/tmp/moby" ]
13 |     volumeMounts:
14 |     - name: workdir
15 |       mountPath: /tmp
16 |   initContainers:
17 |   - name: git
18 |     image: alpine/git
19 |     command: ["sh"]
20 |     args:
21 |     - "-c"
22 |     - "git clone https://github.com/moby/moby.git /tmp/moby"
23 |     volumeMounts:
24 |     - name: workdir
25 |       mountPath: "/tmp"
26 |   volumes:
27 |   - name: workdir
28 |     emptyDir: {}


--------------------------------------------------------------------------------
/chapters/05/limits.yaml:
--------------------------------------------------------------------------------
 1 | # limits.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: limits
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers: 
 9 |   - name: mynginx
10 |     image: python:3.7
11 |     command: [ "python" ]
12 |     args: [ "-c", "arr = []\nwhile True: arr.append(range(1000))" ]
13 |     resources:
14 |       limits:
15 |         cpu: "500m"
16 |         memory: "1Gi"


--------------------------------------------------------------------------------
/chapters/05/liveness.yaml:
--------------------------------------------------------------------------------
 1 | # liveness.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: liveness
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     livenessProbe:
11 |       httpGet:
12 |         path: /live
13 |         port: 80


--------------------------------------------------------------------------------
/chapters/05/monster-config.yaml:
--------------------------------------------------------------------------------
 1 | # monster-config.yaml
 2 | apiVersion: v1
 3 | kind: ConfigMap
 4 | metadata:
 5 |   name: monster-config
 6 |   namespace: default
 7 | data:
 8 |   monsterType: fire
 9 |   monsterNum: "5"
10 |   monsterLife: "3"


--------------------------------------------------------------------------------
/chapters/05/monster-env.yaml:
--------------------------------------------------------------------------------
 1 | # monster-env.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: monster-env
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: monster-env
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "printenv" ]
12 |     # env 대신에 envFrom 사용
13 |     envFrom:
14 |     - configMapRef:
15 |         name: monster-config


--------------------------------------------------------------------------------
/chapters/05/mynginx.yaml:
--------------------------------------------------------------------------------
 1 | # mynginx.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   labels:
 6 |     run: mynginx
 7 |   name: mynginx
 8 | spec:
 9 |   containers:
10 |   - image: nginx
11 |     name: mynginx
12 |   restartPolicy: Never


--------------------------------------------------------------------------------
/chapters/05/node-selector.yaml:
--------------------------------------------------------------------------------
 1 | # node-selector.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: node-selector
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |   # 특정 노드 라벨 선택
11 |   nodeSelector:
12 |     disktype: ssd


--------------------------------------------------------------------------------
/chapters/05/readiness-cmd.yaml:
--------------------------------------------------------------------------------
 1 | # readiness-cmd.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: readiness-cmd
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     readinessProbe:
11 |       exec:
12 |         command:
13 |         - cat
14 |         - /tmp/ready


--------------------------------------------------------------------------------
/chapters/05/readiness.yaml:
--------------------------------------------------------------------------------
 1 | # readiness.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: readiness
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     readinessProbe:
11 |       httpGet:
12 |         path: /ready
13 |         port: 80


--------------------------------------------------------------------------------
/chapters/05/requests.yaml:
--------------------------------------------------------------------------------
 1 | # requests.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: requests
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     resources:
11 |       requests:
12 |         cpu: "250m"
13 |         memory: "500Mi"


--------------------------------------------------------------------------------
/chapters/05/resources.yaml:
--------------------------------------------------------------------------------
 1 | # resources.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: resources
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     resources:
11 |       requests:
12 |         cpu: "250m"
13 |         memory: "500Mi"
14 |       limits:
15 |         cpu: "500m"
16 |         memory: "1Gi"


--------------------------------------------------------------------------------
/chapters/05/second.yaml:
--------------------------------------------------------------------------------
 1 | # second.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: second
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |   - name: curl
11 |     image: curlimages/curl
12 |     command: ["/bin/sh"]
13 |     args: ["-c", "while true; do sleep 5; curl -s localhost; done"]


--------------------------------------------------------------------------------
/chapters/05/secret-env.yaml:
--------------------------------------------------------------------------------
 1 | # secret-env.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: secret-env
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: secret-env
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "printenv" ]
12 |     env:
13 |     - name: USERNAME
14 |       valueFrom:
15 |         secretKeyRef:
16 |           name: user-info
17 |           key: username
18 |     - name: PASSWORD
19 |       valueFrom:
20 |         secretKeyRef:
21 |           name: user-info
22 |           key: password


--------------------------------------------------------------------------------
/chapters/05/secret-envfrom.yaml:
--------------------------------------------------------------------------------
 1 | # secret-envfrom.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: secret-envfrom
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: secret-envfrom
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "printenv" ]
12 |     envFrom:
13 |     - secretRef:
14 |         name: user-info


--------------------------------------------------------------------------------
/chapters/05/secret-volume.yaml:
--------------------------------------------------------------------------------
 1 | # secret-volume.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: secret-volume
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: secret-volume
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "sh" ]
12 |     args: ["-c", "ls /secret; cat /secret/username"]
13 |     volumeMounts:
14 |     - name: secret
15 |       mountPath: "/secret"
16 |   volumes:
17 |   - name: secret
18 |     secret:
19 |       secretName: user-info


--------------------------------------------------------------------------------
/chapters/05/special-env.yaml:
--------------------------------------------------------------------------------
 1 | # special-env.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: special-env
 6 | spec:
 7 |   restartPolicy: OnFailure
 8 |   containers:
 9 |   - name: special-env
10 |     image: k8s.gcr.io/busybox
11 |     command: [ "printenv" ]
12 |     args: [ "special_env" ]
13 |     env:
14 |     - name: special_env
15 |       valueFrom:
16 |         configMapKeyRef:
17 |           name: special-config
18 |           key: special.power


--------------------------------------------------------------------------------
/chapters/05/user-info-stringdata.yaml:
--------------------------------------------------------------------------------
1 | # user-info-stringdata.yaml
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: user-info-stringdata
6 | type: Opaque
7 | stringData:
8 |   username: admin
9 |   password: password123


--------------------------------------------------------------------------------
/chapters/05/user-info.properties:
--------------------------------------------------------------------------------
1 | # user-info.properties
2 | username=admin
3 | password=password123


--------------------------------------------------------------------------------
/chapters/05/user-info.yaml:
--------------------------------------------------------------------------------
1 | # user-info.yaml
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: user-info
6 | type: Opaque
7 | data:
8 |   username: YWRtaW4=            # admin
9 |   password: cGFzc3dvcmQxMjM=    # password123


--------------------------------------------------------------------------------
/chapters/05/volume-empty.yaml:
--------------------------------------------------------------------------------
 1 | # volume-empty.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: volume-empty
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     volumeMounts:
11 |     - mountPath: /container-volume
12 |       name: my-volume
13 |   volumes:
14 |   - name: my-volume
15 |     emptyDir: {}


--------------------------------------------------------------------------------
/chapters/05/volume.yaml:
--------------------------------------------------------------------------------
 1 | # volume.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: volume
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 | 
11 |     # 컨테이너 내부의 연결 위치 지정
12 |     volumeMounts:
13 |     - mountPath: /container-volume
14 |       name: my-volume
15 |   
16 |   # host 서버의 연결 위치 지정
17 |   volumes:
18 |   - name: my-volume
19 |     hostPath:
20 |       path: /home


--------------------------------------------------------------------------------
/chapters/06/README.md:
--------------------------------------------------------------------------------
  1 | # 6. 쿠버네티스 네트워킹
  2 | 
  3 | ## 6.1 Service 소개
  4 | 
  5 | ```bash
  6 | kubectl run mynginx --image nginx
  7 | # pod/mynginx created
  8 | 
  9 | # Pod IP는 사용자마다 다릅니다.
 10 | kubectl get pod -owide
 11 | # NAME     READY   STATUS     RESTARTS   AGE   IP           NODE    ...
 12 | # mynginx  1/1     Running    0          12d   10.42.0.26   master  ...
 13 | 
 14 | kubectl exec mynginx -- curl -s 10.42.0.26
 15 | # <html>
 16 | # <head>
 17 | # <title>Welcome to nginx!</title>
 18 | # <style>
 19 | #     body {
 20 | # ...
 21 | ```
 22 | 
 23 | ### 6.1.3 Service 첫 만남
 24 | 
 25 | ```yaml
 26 | # myservice.yaml
 27 | apiVersion: v1
 28 | kind: Service
 29 | metadata:
 30 |   labels:
 31 |     hello: world
 32 |   name: myservice
 33 | spec:
 34 |   ports:
 35 |   - port: 8080
 36 |     protocol: TCP
 37 |     targetPort: 80
 38 |   selector:
 39 |     run: mynginx
 40 | ```
 41 | 
 42 | #### 라벨 셀렉터를 이용하여 `Pod`를 선택하는 이유
 43 | 
 44 | ```bash
 45 | # 앞에서 살펴 본 Service 리소스를 생성합니다.
 46 | kubectl apply -f myservice.yaml
 47 | # service/myservice created
 48 | 
 49 | # 생성된 Service 리소스를 조회합니다.
 50 | # Service IP (CLUSTER-IP)를 확인합니다. (예제에서는 10.43.152.73)
 51 | kubectl get service  # 축약 시, svc
 52 | # NAME          TYPE        CLUSTER-IP     EXTERNAL-IP  PORT(S)    AGE
 53 | # kubernetes    ClusterIP   10.43.0.1      <none>       443/TCP    24d
 54 | # myservice     ClusterIP   10.43.152.73   <none>       8080/TCP   6s
 55 | 
 56 | # Pod IP를 확인합니다. (예제에서는 10.42.0.226)
 57 | kubectl get pod -owide
 58 | # NAME     READY  STATUS    RESTARTS   AGE   IP            NODE   ...
 59 | # mynginx  1/1    Running   0          6s    10.42.0.226   master ...
 60 | ```
 61 | 
 62 | ```bash
 63 | # curl 요청할 client Pod 생성
 64 | kubectl run client --image nginx
 65 | # pod/client created
 66 | 
 67 | # Pod IP로 접근
 68 | kubectl exec client -- curl -s 10.42.0.226
 69 | 
 70 | # Service IP로 접근 (CLUSTER-IP)
 71 | kubectl exec client -- curl -s 10.43.152.73:8080
 72 | 
 73 | # Service 이름 (DNS 주소)로 접근
 74 | kubectl exec client -- curl -s myservice:8080
 75 | ```
 76 | 
 77 | ```bash
 78 | # DNS lookup을 수행하기 위해 nslookup 명령을 설치합니다.
 79 | kubectl exec client -- sh -c "apt update && apt install -y dnsutils"
 80 | # Hit:1 http://deb.debian.org/debian buster InRelease
 81 | # Hit:2 http://security.debian.org/debian-security buster/updates 
 82 | # Reading package lists...
 83 | # ...
 84 | 
 85 | # myservice의 DNS를 조회합니다.
 86 | kubectl exec client -- nslookup myservice
 87 | # Server:         10.43.0.10
 88 | # Address:        10.43.0.10#53
 89 | # 
 90 | # Name:   myservice.default.svc.cluster.local
 91 | # Address: 10.43.152.73
 92 | ```
 93 | ### 6.1.4 `Service` 도메인 주소 법칙
 94 | 
 95 | ```bash
 96 | # Service의 전체 도메인 주소를 조회합니다.
 97 | kubectl exec client -- nslookup myservice.default.svc.cluster.local
 98 | # Server:         10.43.0.10
 99 | # Address:        10.43.0.10#53
100 | # 
101 | # Name:   myservice.default.svc.cluster.local
102 | # Address: 10.43.152.73
103 | 
104 | # Service의 도메인 주소 일부를 생략하여 조회합니다.
105 | kubectl exec client -- nslookup myservice.default
106 | # Server:         10.43.0.10
107 | # Address:        10.43.0.10#53
108 | # 
109 | # Name:   myservice.default.svc.cluster.local
110 | # Address: 10.43.152.73
111 | 
112 | # Service 이름만 사용해도 참조가 가능합니다.
113 | kubectl exec client -- nslookup myservice
114 | # Server:         10.43.0.10
115 | # Address:        10.43.0.10#53
116 | # 
117 | # Name:   myservice.default.svc.cluster.local
118 | # Address: 10.43.152.73
119 | ```
120 | 
121 | ### 6.1.5 클러스터 DNS 서버
122 | 
123 | ```bash
124 | # 로컬 호스트 서버의 DNS 설정이 아닌 Pod의 DNS 설정을 확인합니다.
125 | kubectl exec client -- cat /etc/resolv.conf
126 | # nameserver 10.43.0.10
127 | # search default.svc.cluster.local svc.cluster.local cluster.local ap-northeast-2.compute.internal
128 | # options ndots:5
129 | ```
130 | 
131 | ```bash
132 | kubectl get svc -n kube-system
133 | # NAME      TYPE       CLUSTER-IP   EXTERNAL-IP  PORT(S) 
134 | # kube-dns  ClusterIP  10.43.0.10   <none>       53/UDP,53/TCP,9153/TCP 
135 | ```
136 | 
137 | ```bash
138 | kubectl get svc kube-dns -nkube-system --show-labels
139 | # NAME       TYPE         CLUSTER-IP  ...    AGE   LABELS
140 | # kube-dns   ClusterIP    10.43.0.10  ...    46h   k8s-app=kube-dns,...
141 | ```
142 | 
143 | ```bash
144 | kubectl get pod -n kube-system -l k8s-app=kube-dns
145 | # NAME              READY   STATUS    RESTARTS   AGE
146 | # coredns-6c6bb68   1/1     Running   0          46h
147 | ```
148 | 
149 | ## 6.2 Service 종류
150 | 
151 | ### 6.2.1 ClusterIP
152 | 
153 | ```bash
154 | kubectl run cluster-ip --image nginx --expose --port 80 \
155 |     --dry-run=client -o yaml > cluster-ip.yaml
156 | 
157 | vim cluster-ip.yaml
158 | ```
159 | 
160 | ```yaml
161 | # cluster-ip.yaml
162 | apiVersion: v1
163 | kind: Service
164 | metadata:
165 |   name: cluster-ip
166 | spec:
167 |   # type: ClusterIP  # 생략되어 있음
168 |   ports:
169 |   - port: 8080
170 |     protocol: TCP
171 |     targetPort: 80
172 |   selector:
173 |     run: cluster-ip
174 | ---
175 | apiVersion: v1
176 | kind: Pod
177 | metadata:
178 |   labels:
179 |     run: cluster-ip
180 |   name: cluster-ip
181 | spec:
182 |   containers:
183 |   - image: nginx
184 |     name: nginx
185 |     ports:
186 |     - containerPort: 80
187 | ```
188 | 
189 | ```bash
190 | kubectl apply -f cluster-ip.yaml
191 | # service/cluster-ip created
192 | # pod/cluster-ip created
193 | 
194 | kubectl get svc cluster-ip -oyaml | grep type
195 | #  type: ClusterIP
196 | 
197 | kubectl exec client -- curl -s cluster-ip
198 | # <!DOCTYPE html>
199 | # <html>
200 | # <head>
201 | # <title>Welcome to nginx!</title>
202 | # ...
203 | ```
204 | 
205 | ### 6.2.2 NodePort
206 | 
207 | ```yaml
208 | # node-port.yaml
209 | apiVersion: v1
210 | kind: Service
211 | metadata:
212 |   name: node-port
213 | spec:
214 |   type: NodePort     # type 추가
215 |   ports:
216 |   - port: 8080
217 |     protocol: TCP
218 |     targetPort: 80
219 |     nodePort: 30080  # 호스트(노드)의 포트 지정
220 |   selector:
221 |     run: node-port
222 | ---
223 | apiVersion: v1
224 | kind: Pod
225 | metadata:
226 |   labels:
227 |     run: node-port
228 |   name: node-port
229 | spec:
230 |   containers:
231 |   - image: nginx
232 |     name: nginx
233 |     ports:
234 |     - containerPort: 80
235 | ```
236 | 
237 | ```bash
238 | kubectl apply -f node-port.yaml
239 | # service/node-port created
240 | # pod/node-port created
241 | 
242 | kubectl get svc
243 | # NAME         TYPE        CLUSTER-IP     EXTERNAL-IP  PORT(S)         AGE
244 | # kubernetes   ClusterIP   10.43.0.1      <none>       443/TCP         26d
245 | # myservice    ClusterIP   10.43.152.73   <none>       8080/TCP        2d
246 | # cluster-ip   ClusterIP   10.43.9.166    <none>       8080/TCP        42h
247 | # node-port    NodePort    10.43.94.27    <none>       8080:30080/TCP  42h
248 | ```
249 | 
250 | ```bash
251 | # 트래픽을 전달 받을 Pod가 마스터 노드에 위치합니다.
252 | kubectl get pod node-port -owide
253 | # NAME         READY   STATUS    RESTARTS   AGE   IP           NODE   
254 | # node-port    1/1     Running   0          14m   10.42.0.28   master
255 | 
256 | MASTER_IP=$(kubectl get node master -ojsonpath="{.status.addresses[0].address}")
257 | curl $MASTER_IP:30080
258 | # <!DOCTYPE html>
259 | # <html>
260 | # <head>
261 | # ...
262 | 
263 | WORKER_IP=$(kubectl get node worker -ojsonpath="{.status.addresses[0].address}")
264 | curl $WORKER_IP:30080
265 | # <!DOCTYPE html>
266 | # <html>
267 | # <head>
268 | # ...
269 | ```
270 | 
271 | ```bash
272 | curl <공인IP>:30080
273 | 
274 | # 웹 브라우저에서 <공인IP>:30080으로도 확인할 수 있습니다.
275 | ```
276 | 
277 | ### 6.2.3 LoadBalancer
278 | 
279 | ```yaml
280 | # load-bal.yaml
281 | apiVersion: v1
282 | kind: Service
283 | metadata:
284 |   name: load-bal
285 | spec:
286 |   type: LoadBalancer  # 타입 LoadBalancer
287 |   ports:
288 |   - port: 8080
289 |     protocol: TCP
290 |     targetPort: 80
291 |     nodePort: 30088   # 30088로 변경
292 |   selector:
293 |     run: load-bal
294 | ---
295 | apiVersion: v1
296 | kind: Pod
297 | metadata:
298 |   labels:
299 |     run: load-bal
300 |   name: load-bal
301 | spec:
302 |   containers:
303 |   - image: nginx
304 |     name: nginx
305 |     ports:
306 |     - containerPort: 80
307 | ```
308 | 
309 | ```bash
310 | kubectl apply -f load-bal.yaml
311 | # service/load-bal created
312 | # pod/load-bal created
313 | 
314 | kubectl get svc load-bal
315 | # NAME         TYPE          CLUSTER-IP    EXTERNAL-IP    PORT(S)         
316 | # load-bal     LoadBalancer  10.43.230.45  10.0.1.1       8080:30088/TCP  
317 | ```
318 | 
319 | ```bash
320 | # <로드밸런서IP>:<Service Port>로 호출합니다.
321 | curl 10.0.1.1:8080
322 | ```
323 | 
324 | ```bash
325 | kubectl get pod
326 | # NAME                   READY   STATUS    RESTARTS   AGE
327 | # ...
328 | # svclb-load-bal-5n2z8   1/1     Running   0          4m
329 | # svclb-load-bal-svv8j   1/1     Running   0          4m
330 | ```
331 | 
332 | ### 6.2.4 ExternalName
333 | 
334 | ```yaml
335 | # external.yaml
336 | apiVersion: v1
337 | kind: Service
338 | metadata:
339 |   name: google-svc  # 별칭
340 | spec:
341 |   type: ExternalName
342 |   externalName: google.com  # 외부 DNS
343 | ```
344 | 
345 | ```bash
346 | kubectl apply -f external.yaml
347 | # service/google-svc created
348 | 
349 | kubectl run call-google --image curlimages/curl \
350 |               --  curl -s -H "Host: google.com" google-svc
351 | # pod/call-google created
352 | 
353 | kubectl logs call-google
354 | # <HTML><HEAD><meta http-equiv="content-type" content="text/..">
355 | # <TITLE>301 Moved</TITLE></HEAD><BODY>
356 | # <H1>301 Moved</H1>
357 | # ...
358 | ```
359 | 
360 | ## 참고할 자료
361 | 
362 | - 네트워크 구조: [https://kubernetes.io/docs/concepts/cluster-administration/networking/#the-kubernetes-network-model](https://kubernetes.io/docs/concepts/cluster-administration/networking/#the-kubernetes-network-model)
363 | - 쿠버네티스 네트워킹 이해하기: [https://coffeewhale.com/k8s/network/2019/04/19/k8s-network-01](https://coffeewhale.com/k8s/network/2019/04/19/k8s-network-01)
364 | 
365 | 
366 | ### Clean up
367 | 
368 | ```bash
369 | kubectl delete svc --all
370 | kubectl delete pod --all
371 | ```
372 | 


--------------------------------------------------------------------------------
/chapters/06/cluster-ip.yaml:
--------------------------------------------------------------------------------
 1 | # cluster-ip.yaml
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   name: cluster-ip
 6 | spec:
 7 |   # type: ClusterIP  # 생략되어 있음
 8 |   ports:
 9 |   - port: 8080
10 |     protocol: TCP
11 |     targetPort: 80
12 |   selector:
13 |     run: cluster-ip
14 | ---
15 | apiVersion: v1
16 | kind: Pod
17 | metadata:
18 |   labels:
19 |     run: cluster-ip
20 |   name: cluster-ip
21 | spec:
22 |   containers:
23 |   - image: nginx
24 |     name: nginx
25 |     ports:
26 |     - containerPort: 80


--------------------------------------------------------------------------------
/chapters/06/external.yaml:
--------------------------------------------------------------------------------
1 | # external.yaml
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 |   name: google-svc  # 별칭
6 | spec:
7 |   type: ExternalName
8 |   externalName: google.com  # 외부 DNS


--------------------------------------------------------------------------------
/chapters/06/load-bal.yaml:
--------------------------------------------------------------------------------
 1 | # load-bal.yaml
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   name: load-bal
 6 | spec:
 7 |   type: LoadBalancer  # 타입 LoadBalancer
 8 |   ports:
 9 |   - port: 8080
10 |     protocol: TCP
11 |     targetPort: 80
12 |     nodePort: 30088   # 30088로 변경
13 |   selector:
14 |     run: load-bal
15 | ---
16 | apiVersion: v1
17 | kind: Pod
18 | metadata:
19 |   labels:
20 |     run: load-bal
21 |   name: load-bal
22 | spec:
23 |   containers:
24 |   - image: nginx
25 |     name: nginx
26 |     ports:
27 |     - containerPort: 80


--------------------------------------------------------------------------------
/chapters/06/myservice.yaml:
--------------------------------------------------------------------------------
 1 | # myservice.yaml
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   labels:
 6 |     hello: world
 7 |   name: myservice
 8 | spec:
 9 |   ports:
10 |   - port: 8080
11 |     protocol: TCP
12 |     targetPort: 80
13 |   selector:
14 |     run: mynginx


--------------------------------------------------------------------------------
/chapters/06/node-port.yaml:
--------------------------------------------------------------------------------
 1 | # node-port.yaml
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   name: node-port
 6 | spec:
 7 |   type: NodePort     # type 추가
 8 |   ports:
 9 |   - port: 8080
10 |     protocol: TCP
11 |     targetPort: 80
12 |     nodePort: 30080  # 호스트(노드)의 포트 지정
13 |   selector:
14 |     run: node-port
15 | ---
16 | apiVersion: v1
17 | kind: Pod
18 | metadata:
19 |   labels:
20 |     run: node-port
21 |   name: node-port
22 | spec:
23 |   containers:
24 |   - image: nginx
25 |     name: nginx
26 |     ports:
27 |     - containerPort: 80


--------------------------------------------------------------------------------
/chapters/07/Dockerfile:
--------------------------------------------------------------------------------
1 | # Dockerfile
2 | FROM python:3.6.8-stretch
3 | 
4 | RUN pip install tensorflow==1.5 keras==2.0.8 h5py==2.7.1
5 | 
6 | COPY train.py .
7 | 
8 | ENTRYPOINT ["python", "train.py"]


--------------------------------------------------------------------------------
/chapters/07/cronjob.yaml:
--------------------------------------------------------------------------------
 1 | # cronjob.yaml
 2 | apiVersion: batch/v1beta1
 3 | kind: CronJob
 4 | metadata:
 5 |   name: hello
 6 | spec:
 7 |   schedule: "*/1 * * * *"
 8 |   jobTemplate:
 9 |     spec:
10 |       template:
11 |         spec:
12 |           containers:
13 |           - name: hello
14 |             image: busybox
15 |             args:
16 |             - /bin/sh
17 |             - -c
18 |             - date; echo Hello from the Kubernetes cluster
19 |           restartPolicy: OnFailure


--------------------------------------------------------------------------------
/chapters/07/fluentd.yaml:
--------------------------------------------------------------------------------
 1 | # fluentd.yaml
 2 | apiVersion: apps/v1
 3 | kind: DaemonSet
 4 | metadata:
 5 |   name: fluentd
 6 | spec:
 7 |   selector:
 8 |     matchLabels:
 9 |       name: fluentd
10 |   template:
11 |     metadata:
12 |       labels:
13 |         name: fluentd
14 |     spec:
15 |       containers:
16 |       - name: fluentd
17 |         image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
18 |         volumeMounts:
19 |         - name: varlibdockercontainers
20 |           mountPath: /var/lib/docker/containers
21 |           readOnly: true
22 |       volumes:
23 |       - name: varlibdockercontainers
24 |         hostPath:
25 |           path: /var/lib/docker/containers


--------------------------------------------------------------------------------
/chapters/07/job-bug.yaml:
--------------------------------------------------------------------------------
 1 | # job-bug.yaml
 2 | apiVersion: batch/v1
 3 | kind: Job
 4 | metadata:
 5 |   name: myjob-bug
 6 | spec:
 7 |   template:
 8 |     spec:
 9 |       containers:
10 |       - name: ml
11 |         image: $USERNAME/train
12 |         # int 타입이 아닌 string 타입 전달
13 |         args: ['bug-string', 'softmax', '0.5']
14 |       restartPolicy: Never
15 |   backoffLimit: 2


--------------------------------------------------------------------------------
/chapters/07/job.yaml:
--------------------------------------------------------------------------------
 1 | # job.yaml
 2 | apiVersion: batch/v1
 3 | kind: Job
 4 | metadata:
 5 |   name: myjob
 6 | spec:
 7 |   template:
 8 |     spec:
 9 |       containers:
10 |       - name: ml
11 |         image: $USERNAME/train
12 |         args: ['3', 'softmax', '0.5']
13 |       restartPolicy: Never
14 |   backoffLimit: 2


--------------------------------------------------------------------------------
/chapters/07/mydeploy.yaml:
--------------------------------------------------------------------------------
 1 | # mydeploy.yaml
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: mydeploy
 6 | spec:
 7 |   replicas: 10
 8 |   selector:
 9 |     matchLabels:
10 |       run: nginx
11 |   strategy:
12 |     type: RollingUpdate
13 |     rollingUpdate:
14 |       maxUnavailable: 25%  
15 |       maxSurge: 25%
16 |   template:
17 |     metadata:
18 |       labels:
19 |         run: nginx
20 |     spec:
21 |       containers:
22 |       - name: nginx
23 |         image: nginx:1.7.9


--------------------------------------------------------------------------------
/chapters/07/myreplicaset.yaml:
--------------------------------------------------------------------------------
 1 | # myreplicaset.yaml
 2 | apiVersion: apps/v1
 3 | kind: ReplicaSet
 4 | metadata:
 5 |   name: myreplicaset
 6 | spec:
 7 |   replicas: 2
 8 |   selector:
 9 |     matchLabels:
10 |       run: nginx-rs
11 |   template:
12 |     metadata:
13 |       labels:
14 |         run: nginx-rs
15 |     spec:
16 |       containers:
17 |       - name: nginx
18 |         image: nginx


--------------------------------------------------------------------------------
/chapters/07/mysts.yaml:
--------------------------------------------------------------------------------
 1 | # mysts.yaml
 2 | apiVersion: apps/v1
 3 | kind: StatefulSet
 4 | metadata:
 5 |   name: mysts
 6 | spec:
 7 |   serviceName: mysts
 8 |   replicas: 3
 9 |   selector:
10 |     matchLabels:
11 |       run: nginx
12 |   template:
13 |     metadata:
14 |       labels:
15 |         run: nginx
16 |     spec:
17 |       containers:
18 |       - name: nginx
19 |         image: nginx
20 |         volumeMounts:
21 |         - name: vol
22 |           mountPath: /usr/share/nginx/html
23 |   volumeClaimTemplates:
24 |   - metadata:
25 |       name: vol
26 |     spec:
27 |       accessModes: [ "ReadWriteOnce" ]
28 |       resources:
29 |         requests:
30 |           storage: 1Gi
31 | ---
32 | apiVersion: v1
33 | kind: Service
34 | metadata:
35 |   name: mysts
36 | spec:
37 |   clusterIP: None
38 |   ports:
39 |   - port: 8080
40 |     protocol: TCP
41 |     targetPort: 80
42 |   selector:
43 |     run: nginx


--------------------------------------------------------------------------------
/chapters/07/train.py:
--------------------------------------------------------------------------------
 1 | # train.py
 2 | import os, sys, json
 3 | import keras
 4 | from keras.datasets import mnist
 5 | from keras.models import Sequential
 6 | from keras.layers import Dense, Dropout
 7 | from keras.optimizers import RMSprop
 8 | 
 9 | #####################
10 | # parameters
11 | #####################
12 | epochs = int(sys.argv[1])
13 | activate = sys.argv[2]
14 | dropout = float(sys.argv[3])
15 | print(sys.argv)
16 | #####################
17 | 
18 | batch_size, num_classes, hidden = (128, 10, 512)
19 | loss_func = "categorical_crossentropy"
20 | opt = RMSprop()
21 | 
22 | # preprocess
23 | (x_train, y_train), (x_test, y_test) = mnist.load_data()
24 | x_train = x_train.reshape(60000, 784)
25 | x_test = x_test.reshape(10000, 784)
26 | x_train = x_train.astype('float32') / 255
27 | x_test = x_test.astype('float32') / 255
28 | 
29 | # convert class vectors to binary class matrices
30 | y_train = keras.utils.to_categorical(y_train, num_classes)
31 | y_test = keras.utils.to_categorical(y_test, num_classes)
32 | 
33 | # build model
34 | model = Sequential()
35 | model.add(Dense(hidden, activation='relu', input_shape=(784,)))
36 | model.add(Dropout(dropout))
37 | model.add(Dense(num_classes, activation=activate))
38 | model.summary()
39 | 
40 | model.compile(loss=loss_func, optimizer=opt, metrics=['accuracy'])
41 | 
42 | # train
43 | history = model.fit(x_train, y_train, batch_size=batch_size, 
44 |         epochs=epochs, validation_data=(x_test, y_test))
45 | 
46 | score = model.evaluate(x_test, y_test, verbose=0)
47 | print('Test loss:', score[0])
48 | print('Test accuracy:', score[1])


--------------------------------------------------------------------------------
/chapters/08/README.md:
--------------------------------------------------------------------------------
  1 | # 8. helm 패키지 매니저
  2 | 
  3 | ## 8.1 `helm`이란
  4 | 
  5 | ### 8.1.1 `helm` 설치
  6 | 
  7 | ```bash
  8 | curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash -s -- --version v3.2.2
  9 | ```
 10 | 
 11 | ### 8.1.2 `chart` 생성
 12 | 
 13 | ```bash
 14 | helm create mychart
 15 | # Creating mychart
 16 | 
 17 | ls mychart
 18 | # Chart.yaml  charts  templates  values.yaml
 19 | ```
 20 | 
 21 | ```bash
 22 | ls mychart/templates
 23 | # NOTES.txt
 24 | # _helpers.tpl
 25 | # deployment.yaml
 26 | # ingress.yaml
 27 | # service.yaml
 28 | # serviceaccount.yaml
 29 | # tests/
 30 | ```
 31 | 
 32 | ```yaml
 33 | # mychart/templates/service.yaml
 34 | apiVersion: v1
 35 | kind: Service
 36 | metadata:
 37 |   name: {{ include "mychart.fullname" . }}
 38 |   labels:
 39 |     {{- include "mychart.labels" . | nindent 4 }}
 40 | spec:
 41 |   type: {{ .Values.service.type }}         # 서비스 타입 지정
 42 |   ports:
 43 |     - port: {{ .Values.service.port }}     # 서비스 포트 지정
 44 |       targetPort: http
 45 |       protocol: TCP
 46 |       name: http
 47 |   selector:
 48 |     {{- include "mychart.selectorLabels" . | nindent 4 }}
 49 | ```
 50 | 
 51 | ```yaml
 52 | # values.yaml
 53 | replicaCount: 1
 54 | 
 55 | image:
 56 |   repository: nginx
 57 |   pullPolicy: IfNotPresent
 58 | 
 59 | imagePullSecrets: []
 60 | nameOverride: ""
 61 | fullnameOverride: ""
 62 | 
 63 | ...
 64 | # 약 40줄
 65 | service:
 66 |   type: LoadBalancer  # 기존 ClusterIP
 67 |   port: 8888          # 기존 80
 68 | 
 69 | ...
 70 | ```
 71 | 
 72 | ### 8.1.3 chart 설치
 73 | 
 74 | ```bash
 75 | helm install foo ./mychart
 76 | # NAME: foo
 77 | # LAST DEPLOYED: Tue Mar 10 14:26:02 2020
 78 | # NAMESPACE: default
 79 | # STATUS: deployed
 80 | # REVISION: 1
 81 | # NOTES:
 82 | #    ....
 83 | ```
 84 | 
 85 | ```bash
 86 | # service 리소스를 조회합니다.
 87 | kubectl get svc
 88 | # NAME         TYPE          CLUSTER-IP      EXTERNAL-IP    PORT(S)   
 89 | # kubernetes   ClusterIP     10.43.0.1       <none>         443/TCP   
 90 | # foo-mychart  LoadBalancer  10.43.142.107   10.0.1.1       8888:32597/TCP 
 91 | ```
 92 | 
 93 | ### 8.1.4 `chart` 리스트 조회
 94 | 
 95 | ```bash
 96 | # 설치된 chart 리스트 확인하기
 97 | helm list
 98 | # NAME    NAMESPACE  REVISION  UPDATED   STATUS    CHART          APP VER
 99 | # foo     default    1         2020-3-1  deployed  mychart-0.1.0  1.16.0
100 | 
101 | # 다른 네임스페이스에는 설치된 chart가 없습니다.
102 | helm list -n kube-system
103 | # NAME   NAMESPACE   REVISION    UPDATED STATUS  CHART   APP   VERSION
104 | ```
105 | 
106 | ### 8.1.5 chart 랜더링
107 | 
108 | ```bash
109 | helm template foo ./mychart > foo-output.yaml
110 | 
111 | cat foo-output.yaml
112 | # 전체 YAML 정의서 출력
113 | ```
114 | 
115 | ### 8.1.6 chart 업그레이드
116 | 
117 | ```yaml
118 | # values.yaml
119 | ...
120 | 
121 | service:
122 |   type: NodePort    # 기존 LoadBalancer
123 |   port: 8888        
124 | ...
125 | ```
126 | 
127 | ```bash
128 | helm upgrade foo ./mychart
129 | # Release "foo" has been upgraded. Happy Helming!
130 | # NAME: foo
131 | # LAST DEPLOYED: Mon Jul  6 19:26:35 2020
132 | # NAMESPACE: default
133 | # STATUS: deployed
134 | # REVISION: 2
135 | # ...
136 | 
137 | kubectl get svc
138 | # NAME        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          
139 | # kubernetes  ClusterIP   10.43.0.1      <none>        443/TCP   
140 | # foo         NodePort    10.43.155.85   <none>        8888:32160/TCP 
141 | 
142 | helm list
143 | # NAME     NAMESPACE  REVISION   UPDATED    STATUS      CHART      
144 | # foo      default    2          2020-3-2   deployed    mychart-0.1.0 
145 | ```
146 | 
147 | ### 8.1.7 chart 배포상태 확인
148 | 
149 | ```bash
150 | helm status foo
151 | # Release "foo" has been upgraded. Happy Helming!
152 | # NAME: foo
153 | # LAST DEPLOYED: Mon Jul  6 19:26:35 2020
154 | # NAMESPACE: default
155 | # STATUS: deployed
156 | # REVISION: 2
157 | # ...
158 | ```
159 | 
160 | ### 8.1.8 `chart` 삭제
161 | 
162 | ```bash
163 | helm delete foo
164 | # release "foo" uninstalled
165 | 
166 | helm list
167 | # NAME   NAMESPACE   REVISION    UPDATED STATUS  CHART   APP   VERSION
168 | ```
169 | 
170 | ## 8.2 원격 레포지토리
171 | 
172 | ### 8.2.1 레포지토리 추가
173 | 
174 | ```bash
175 | # stable repo 추가
176 | helm repo add stable https://kubernetes-charts.storage.googleapis.com
177 | ```
178 | 
179 | ### 8.2.2 레포지토리 업데이트
180 | 
181 | ```bash
182 | # repo update
183 | helm repo update
184 | # ...Successfully got an update from the "stable" chart repository
185 | # Update Complete. ⎈ Happy Helming!⎈
186 | ```
187 | 
188 | ### 8.2.3 레포지토리 조회
189 | 
190 | ```bash
191 | # 현재 등록된 repo 리스트
192 | helm repo list
193 | # NAME    URL
194 | # stable  https://kubernetes-charts.storage.googleapis.com
195 | ```
196 | 
197 | ### 8.2.4 레포지토리내 chart 조회
198 | 
199 | ```bash
200 | # stable 레포 안의 chart 리스트
201 | helm search repo stable
202 | # NAME                    CHART VERSION  APP VERSION    DESCRIPTION
203 | # stable/aerospike        0.3.2          v4.5.0.5       A Helm chart ..
204 | # stable/airflow          7.1.4          1.10.10        Airflow is a ..
205 | # stable/ambassador       5.3.2          0.86.1         DEPRECATED ...
206 | # stable/anchore-engine   1.6.8          0.7.2          Anchore container
207 | # stable/apm-server       2.1.5          7.0.0          The server ...
208 | # ...
209 | 
210 | helm search repo stable/airflow
211 | # NAME            CHART VERSION   APP VERSION     DESCRIPTION
212 | # stable/airflow  7.2.0           1.10.10         Airflow is a plat...
213 | ```
214 | 
215 | 다음 주소에서 `stable` 레포지토리 외에 다양한 원격 저장소를 조회해 볼 수 있습니다. 
216 | 
217 | helm 허브: [https://hub.helm.sh/charts](https://hub.helm.sh/charts)
218 | 
219 | ## 8.3 외부 chart 설치 (WordPress)
220 | 
221 | ### 8.3.1 `chart install`
222 | 
223 | ```bash
224 | helm install wp stable/wordpress \
225 |     --version 9.0.3 \
226 |     --set service.port=8080 \
227 |     --namespace default
228 | # WARNING: This chart is deprecated
229 | # NAME: wp
230 | # LAST DEPLOYED: Mon Jul  6 20:44:55 2020
231 | # NAMESPACE: default
232 | # STATUS: deployed
233 | # REVISION: 1
234 | # NOTES:
235 | # ...
236 | 
237 | kubectl get pod
238 | # NAME             READY   STATUS              RESTARTS   AGE
239 | # svclb-wp-xv6b6   2/2     Running             0          6s
240 | # wp-mariadb-0     0/1     ContainerCreating   0          6s
241 | # wp-6d78b5c456    0/1     Running             0          6s
242 | 
243 | kubectl get svc
244 | # NAME         TYPE          CLUSTER-IP     EXTERNAL-IP   PORT(S)     
245 | # kubernetes   ClusterIP     10.43.0.1      <none>        443/TCP
246 | # wp-mariadb   ClusterIP     10.43.90.229   <none>        3306/TCP
247 | # wp           LoadBalancer  10.43.167.4    10.0.1.1      8080:30887/TCP,...
248 | ```
249 | 
250 | ```yaml
251 | # values.yaml
252 | ...
253 | service:
254 |   port: 80  -->  8080
255 | ...
256 | ```
257 | 
258 | ```bash
259 | # curl로 접근해 봅니다.
260 | curl localhost:8080
261 | ```
262 | 
263 | ### 8.3.2 `chart fetch`
264 | 
265 | ```bash
266 | helm fetch --untar stable/wordpress --version 9.0.3
267 | 
268 | ls wordpress/
269 | # Chart.yaml  README.md  charts  requirements.lock  
270 | # requirements.yaml  templates  values.schema.json  values.yaml
271 | 
272 | # 사용자 입맛에 따라 세부 설정값 변경
273 | vim wordpress/values.yaml
274 | # ...
275 | 
276 | helm install wp-fetch ./wordpress
277 | # WARNING: This chart is deprecated
278 | # NAME: wp-fetch
279 | # LAST DEPLOYED: Mon Jul  6 20:44:55 2020
280 | # NAMESPACE: default
281 | # STATUS: deployed
282 | # REVISION: 1
283 | # NOTES:
284 | # ...
285 | ```
286 | 
287 | ### Clean up
288 | 
289 | ```bash
290 | helm delete wp
291 | helm delete wp-fetch
292 | kubectl delete pvc data-wp-mariadb-0 data-wp-fetch-mariadb-0
293 | ```
294 | 


--------------------------------------------------------------------------------
/chapters/09/README.md:
--------------------------------------------------------------------------------
  1 | # 9. Ingress 리소스
  2 | 
  3 | ## 9.1 Ingress란
  4 | 
  5 | ### 9.1.2 NGINX Ingress Controller 설치
  6 | 
  7 | ```bash
  8 | # NGINX Ingress Controller를 위한 네임스페이스를 생성합니다.
  9 | kubectl create ns ctrl
 10 | # namespace/ctrl created
 11 | 
 12 | # nginx-ingress 설치
 13 | helm install ingress stable/nginx-ingress --version 1.40.3 -n ctrl
 14 | # NAME: ingress
 15 | # LAST DEPLOYED: Wed Mar 11 13:31:14 2020
 16 | # NAMESPACE: ctrl
 17 | # STATUS: deployed
 18 | # REVISION: 1
 19 | # TEST SUITE: None
 20 | # NOTES:
 21 | #     ...
 22 | ```
 23 | 
 24 | ```bash
 25 | kubectl get pod -n ctrl
 26 | # NAME                            READY   STATUS      RESTARTS  AGE
 27 | # ingress-controller-7444984      1/1     Running     0         6s
 28 | # svclb-ingress-controller-dcph4  2/2     Running     0         6s
 29 | # ingress-default-backend-659bd6  1/1     Running     0         6s
 30 |  
 31 | kubectl get svc -n ctrl
 32 | # NAME                     TYPE          ...  EXTERNAL-IP    PORT(S)  
 33 | # ingress-default-backend  ClusterIP     ...  <none>         80/TCP
 34 | # ingress-controller       LoadBalancer  ...  10.0.1.1       80:..,443:..
 35 | ```
 36 | 
 37 | ## 9.2 `Ingress` 기본 사용법
 38 | 
 39 | ### 9.2.1 도메인 주소 테스트
 40 | 
 41 | [https://sslip.io](https://sslip.io)의 서브 도메인에 IP를 입력하면 해당하는 IP를 DNS lookup 결과로 반환해 줍니다.
 42 | 
 43 | ```
 44 | IP == IP.sslip.io
 45 | ```
 46 | 
 47 | ```bash
 48 | nslookup 10.0.1.1.sslip.io
 49 | # Address: 10.0.1.1
 50 | ```
 51 | 
 52 | ```bash
 53 | nslookup subdomain.10.0.1.1.sslip.io
 54 | # Address: 10.0.1.1
 55 | ```
 56 | 
 57 | #### Ingress Controller IP 확인 방법 
 58 | 
 59 | 다음 명령을 통해 Ingress Controller IP를 확인할 수 있습니다. 호스트 서버(마스터, 워커) 중 하나의 내부IP가 반환될 것입니다.
 60 | 
 61 | ```bash
 62 | INGRESS_IP=$(kubectl get svc -nctrl ingress-nginx-ingress-controller -ojsonpath="{.status.loadBalancer.ingress[0].ip}")
 63 | echo $INGRESS_IP
 64 | # 10.0.1.1
 65 | ```
 66 | 
 67 | 
 68 | ### 9.2.2 첫 `Ingress` 생성
 69 | 
 70 | ```bash
 71 | kubectl run mynginx --image nginx --expose --port 80
 72 | # pod/mynginx created
 73 | # pod/service created
 74 | 
 75 | # comma로 여러 리소스를 한번에 조회할 수 있습니다.
 76 | kubectl get pod,svc mynginx
 77 | # NAME          READY   STATUS    RESTARTS   AGE
 78 | # pod/mynginx   1/1     Running   0          8m38s
 79 | 
 80 | # NAME             TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
 81 | # service/mynginx  ClusterIP  10.43.203.151  <none>        80/TCP    8m38s
 82 | ```
 83 | 
 84 | ```yaml
 85 | # mynginx-ingress.yaml
 86 | apiVersion: extensions/v1beta1
 87 | kind: Ingress
 88 | metadata:
 89 |   annotations:
 90 |     kubernetes.io/ingress.class: nginx
 91 |   name: mynginx
 92 | spec:
 93 |   rules:
 94 |   - host: 10.0.1.1.sslip.io
 95 |     http:
 96 |       paths:
 97 |       - path: /
 98 |         backend:
 99 |           serviceName: mynginx
100 |           servicePort: 80
101 | ```
102 | 
103 | ```bash
104 | kubectl apply -f mynginx-ingress.yaml
105 | # ingress.extensions/mynginx created
106 | 
107 | kubectl get ingress
108 | # NAME      CLASS    HOSTS              ADDRESS    PORTS     AGE
109 | # mynginx   <none>   10.0.1.1.sslip.io  10.0.1.1   80        10m
110 | 
111 | # mynginx 서비스로 연결
112 | curl 10.0.1.1.sslip.io
113 | # <!DOCTYPE html>
114 | # <html>
115 | # <head>
116 | # <title>Welcome to nginx!</title>
117 | # ...
118 | ```
119 | 
120 | ### 9.2.3 도메인 기반 라우팅
121 | 
122 | ```bash
123 | # apache web server
124 | kubectl run apache --image httpd --expose --port 80
125 | # pod/apache created
126 | # service/apache created
127 | 
128 | # nginx web server
129 | kubectl run nginx --image nginx --expose --port 80
130 | # pod/nginx created
131 | # service/nginx created
132 | ```
133 | 
134 | ```yaml
135 | # domain-based-ingress.yaml
136 | apiVersion: extensions/v1beta1
137 | kind: Ingress
138 | metadata:
139 |   annotations:
140 |     kubernetes.io/ingress.class: nginx
141 |   name: apache-domain
142 | spec:
143 |   rules:
144 |     # apache 서브 도메인
145 |   - host: apache.10.0.1.1.sslip.io
146 |     http:
147 |       paths:
148 |       - backend:
149 |           serviceName: apache
150 |           servicePort: 80
151 |         path: /
152 | ---  
153 | apiVersion: extensions/v1beta1
154 | kind: Ingress
155 | metadata:
156 |   annotations:
157 |     kubernetes.io/ingress.class: nginx
158 |   name: nginx-domain
159 | spec:
160 |   rules:
161 |     # nginx 서브 도메인
162 |   - host: nginx.10.0.1.1.sslip.io
163 |     http:
164 |       paths:
165 |       - backend:
166 |           serviceName: nginx
167 |           servicePort: 80
168 |         path: /
169 | ```
170 | 
171 | ```bash
172 | kubectl apply -f domain-based-ingress.yaml
173 | # ingress.extensions/apache-domain created
174 | # ingress.extensions/nginx-domain created
175 | 
176 | curl apache.10.0.1.1.sslip.io
177 | # <html><body><h1>It works!</h1></body></html>
178 | 
179 | curl nginx.10.0.1.1.sslip.io
180 | # <!DOCTYPE html>
181 | # <html>
182 | # <head>
183 | # <title>Welcome to nginx!</title>
184 | # ...
185 | ```
186 | 
187 | ### 9.2.4 Path 기반 라우팅
188 | 
189 | ```yaml
190 | # path-based-ingress.yaml
191 | apiVersion: extensions/v1beta1
192 | kind: Ingress
193 | metadata:
194 |   annotations:
195 |     kubernetes.io/ingress.class: nginx
196 |     nginx.ingress.kubernetes.io/rewrite-target: / 
197 |   name: apache-path
198 | spec:
199 |   rules:
200 |   - host: 10.0.1.1.sslip.io
201 |     http:
202 |       paths:
203 |       - backend:
204 |           serviceName: apache
205 |           servicePort: 80
206 |         path: /apache
207 | ---  
208 | apiVersion: extensions/v1beta1
209 | kind: Ingress
210 | metadata:
211 |   annotations:
212 |     kubernetes.io/ingress.class: nginx
213 |     nginx.ingress.kubernetes.io/rewrite-target: / 
214 |   name: nginx-path
215 | spec:
216 |   rules:
217 |   - host: 10.0.1.1.sslip.io
218 |     http:
219 |       paths:
220 |       - backend:
221 |           serviceName: nginx
222 |           servicePort: 80
223 |         path: /nginx
224 | ```
225 | 
226 | ```bash
227 | kubectl apply -f path-based-ingress.yaml
228 | # ingress.extensions/apache-path created
229 | # ingress.extensions/nginx-path created
230 | 
231 | curl 10.0.1.1.sslip.io/apache
232 | # <html><body><h1>It works!</h1></body></html>
233 | 
234 | curl 10.0.1.1.sslip.io/nginx
235 | # <!DOCTYPE html>
236 | # <html>
237 | # <head>
238 | # <title>Welcome to nginx!</title>
239 | # ...
240 | ```
241 | 
242 | ## 9.3 Basic Auth 설정
243 | 
244 | ### 9.3.1 Basic Authentication
245 | 
246 | ```bash
247 | Authorization: Basic $BASE64(user:password)
248 | ```
249 | 
250 | ```bash
251 | # 헤더 없이 접속 시도
252 | curl -v https://httpbin.org/basic-auth/foo/bar
253 | # HTTP/2 401 
254 | # ...
255 | # www-authenticate: Basic realm="Fake Realm"
256 | 
257 | # basic auth 헤더 전송
258 | curl -v -H "Authorization: Basic $(echo -n foo:bar | base64)" https://httpbin.org/basic-auth/foo/bar
259 | # HTTP/2 200 
260 | # ..
261 | # {
262 | #   "authenticated": true, 
263 | #   "user": "foo"
264 | # }
265 | ```
266 | 
267 | ### 9.3.2 Basic Auth 설정
268 | 
269 | ```bash
270 | # htpasswd binary 설치
271 | sudo apt install -y apache2-utils
272 | 
273 | # 아이디는 foo, 비밀번호는 bar인 auth 파일 생성
274 | htpasswd -cb auth foo bar
275 | 
276 | # 생성한 auth 파일을 Secret으로 생성합니다.
277 | kubectl create secret generic basic-auth --from-file=auth
278 | 
279 | # Secret 리소스 생성 확인
280 | kubectl get secret basic-auth -oyaml
281 | # apiVersion: v1
282 | # data:
283 | #   auth: Zm9vOiRhcHIxJE1UTy9MMUN0JEdNek8xOVZtMXdKYWt6R0tjLjhQTS8K
284 | # kind: Secret
285 | # metadata:
286 | #   name: basic-auth
287 | #   namespace: default
288 | #   resourceVersion: "3648288"
289 | #   selfLink: /api/v1/namespaces/default/secrets/basic-auth
290 | #   uid: b9966176-5259-4e3f-8476-c7e308ae21a1
291 | # type: Opaque
292 | ```
293 | 
294 | ```yaml
295 | # apache-auth.yaml
296 | apiVersion: extensions/v1beta1
297 | kind: Ingress
298 | metadata:
299 |   annotations:
300 |     kubernetes.io/ingress.class: nginx
301 |     nginx.ingress.kubernetes.io/auth-type: basic
302 |     nginx.ingress.kubernetes.io/auth-secret: basic-auth
303 |     nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
304 |   name: apache-auth
305 | spec:
306 |   rules:
307 |   - host: apache-auth.10.0.1.1.sslip.io
308 |     http:
309 |       paths:
310 |       - backend:
311 |           serviceName: apache
312 |           servicePort: 80
313 |         path: /
314 | ```
315 | 
316 | ```bash
317 | curl -I apache-auth.10.0.1.1.sslip.io
318 | # HTTP/1.1 401 Unauthorized
319 | # Server: nginx/1.17.10
320 | # Date: Tue, 07 Jul 2020 12:30:43 GMT
321 | # Content-Type: text/html
322 | # Content-Length: 180
323 | # Connection: keep-alive
324 | # WWW-Authenticate: Basic realm="Authentication Required - foo"
325 | 
326 | curl -I -H "Authorization: Basic $(echo -n foo:bar | base64)" apache-auth.10.0.1.1.sslip.io
327 | # HTTP/1.1 200 OK
328 | # Server: nginx/1.17.10
329 | # Date: Tue, 07 Jul 2020 12:31:14 GMT
330 | # Content-Type: text/html
331 | # Content-Length: 45
332 | # Connection: keep-alive
333 | # Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
334 | # ETag: "2d-432a5e4a73a80"
335 | # Accept-Ranges: bytes
336 | ```
337 | 
338 | ## 9.4 TLS 설정
339 | 
340 | ### 9.4.1 Self-signed 인증서 설정
341 | 
342 | #### Self-signed 인증서 생성하기
343 | 
344 | ```bash
345 | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=apache-tls.10.0.1.1.sslip.io"
346 | # Generating a RSA private key
347 | # ...................................................+++++
348 | # .....+++++
349 | # writing new private key to 'tls.key'
350 | # -----
351 | tls.crt  # 인증서
352 | tls.key  # 개인키
353 | ```
354 | 
355 | ```bash
356 | cat << EOF | kubectl apply -f -
357 | apiVersion: v1
358 | kind: Secret
359 | metadata:
360 |   name: my-tls-certs
361 |   namespace: default
362 | data:
363 |   tls.crt: $(cat tls.crt | base64 | tr -d '\n')
364 |   tls.key: $(cat tls.key | base64 | tr -d '\n')
365 | type: kubernetes.io/tls
366 | EOF
367 | ```
368 | 
369 | #### Ingress TLS 설정하기
370 | 
371 | ```yaml
372 | # apache-tls.yaml
373 | apiVersion: networking.k8s.io/v1beta1
374 | kind: Ingress
375 | metadata:
376 |   name: apache-tls
377 | spec:
378 |   tls:
379 |   - hosts:
380 |       - apache-tls.10.0.1.1.sslip.io
381 |     secretName: my-tls-certs
382 |   rules:
383 |   - host: apache-tls.10.0.1.1.sslip.io
384 |     http:
385 |       paths:
386 |       - path: /
387 |         backend:
388 |           serviceName: apache
389 |           servicePort: 80
390 | ```
391 | 
392 | ```bash
393 | kubectl apply -f apache-tls.yaml
394 | # ingress.networking.k8s.io/apache-tls created
395 | ```
396 | 
397 | ### 9.4.2 cert-manager를 이용한 인증서 발급 자동화
398 | 
399 | #### cert-manager 설치
400 | 
401 | ```bash
402 | # cert-manager라는 네임스페이스 생성
403 | kubectl create namespace cert-manager
404 | 
405 | # cert-manager 관련 사용자 정의 리소스 생성
406 | kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.15.1/cert-manager.crds.yaml
407 | # customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
408 | # customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manage...
409 | # ...
410 | 
411 | # jetstack 레포지토리 추가
412 | helm repo add jetstack https://charts.jetstack.io
413 | #"jetstack" has been added to your repositories
414 | 
415 | # 레포지토리 index 업데이트
416 | helm repo update
417 | # Hang tight while we grab the latest from your chart repositories...
418 | # ...Successfully got an update from the "jetstack" chart repository
419 | 
420 | # cert-manager 설치
421 | helm install \
422 |   cert-manager jetstack/cert-manager \
423 |   --namespace cert-manager \
424 |   --version v0.15.1
425 | ```
426 | 
427 | #### Issuer 생성
428 | 
429 | ```yaml
430 | # http-issuer.yaml
431 | apiVersion: cert-manager.io/v1alpha2
432 | kind: ClusterIssuer
433 | metadata:
434 |   name: http-issuer
435 | spec:
436 |   acme:
437 |     email: <EMAIL>
438 |     server: https://acme-v02.api.letsencrypt.org/directory
439 |     privateKeySecretRef:
440 |       name: issuer-key
441 |     solvers:
442 |     - http01:
443 |        ingress:
444 |          class: nginx
445 | ```
446 | 
447 | ```bash
448 | kubectl apply -f http-issuer.yaml
449 | # clusterissuer.cert-manager.io/http-issuer created
450 | 
451 | kubectl get clusterissuer
452 | # NAME          READY   AGE
453 | # http-issuer   True    2m
454 | ```
455 | 
456 | #### cert-manager가 관리하는 TLS `Ingress` 생성
457 | 
458 | ```yaml
459 | # apache-tls-issuer.yaml
460 | apiVersion: extensions/v1beta1
461 | kind: Ingress
462 | metadata:
463 |   annotations:
464 |     kubernetes.io/ingress.class: nginx
465 |     # 앞서 생성한 발급자 지정
466 |     cert-manager.io/cluster-issuer: http-issuer
467 |   name: apache-tls-issuer
468 | spec:
469 |   rules:
470 |   # 10.0.1.1을 공인IP로 변경해 주세요.
471 |   - host: apache-issuer.10.0.1.1.sslip.io
472 |     http:
473 |       paths:
474 |       - backend:
475 |           serviceName: apache
476 |           servicePort: 80
477 |         path: /
478 |   tls:
479 |   - hosts:
480 |     # 10.0.1.1을 공인IP로 변경해 주세요.
481 |     - apache-issuer.10.0.1.1.sslip.io
482 |     secretName: apache-tls
483 | ```
484 | 
485 | ```bash
486 | kubectl apply -f apache-tls-issuer
487 | # ingress.networking.k8s.io/apache-tls-issuer created
488 | 
489 | kubectl get certificate 
490 | # NAME         READY   SECRET       AGE
491 | # apache-tls   False   apache-tls   38s
492 | 
493 | kubectl get certificate 
494 | # NAME         READY   SECRET       AGE
495 | # apache-tls   True    apache-tls   75s
496 | ```
497 | 
498 | ### Clean up
499 | 
500 | ```bash
501 | kubectl delete ingress --all
502 | kubectl delete pod apache nginx mynginx
503 | kubectl delete svc apache nginx mynginx
504 | ```
505 | 


--------------------------------------------------------------------------------
/chapters/09/apache-auth.yaml:
--------------------------------------------------------------------------------
 1 | # apache-auth.yaml
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: nginx
 7 |     nginx.ingress.kubernetes.io/auth-type: basic
 8 |     nginx.ingress.kubernetes.io/auth-secret: basic-auth
 9 |     nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
10 |   name: apache-auth
11 | spec:
12 |   rules:
13 |   - host: apache-auth.10.0.1.1.sslip.io
14 |     http:
15 |       paths:
16 |       - backend:
17 |           serviceName: apache
18 |           servicePort: 80
19 |         path: /


--------------------------------------------------------------------------------
/chapters/09/apache-tls-issuer.yaml:
--------------------------------------------------------------------------------
 1 | # apache-tls-issuer.yaml
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: nginx
 7 |     # 앞서 생성한 발급자 지정
 8 |     cert-manager.io/cluster-issuer: http-issuer
 9 |   name: apache-tls-issuer
10 | spec:
11 |   rules:
12 |   # 10.0.1.1을 공인IP로 변경해 주세요.
13 |   - host: apache-issuer.10.0.1.1.sslip.io
14 |     http:
15 |       paths:
16 |       - backend:
17 |           serviceName: apache
18 |           servicePort: 80
19 |         path: /
20 |   tls:
21 |   - hosts:
22 |     # 10.0.1.1을 공인IP로 변경해 주세요.
23 |     - apache-issuer.10.0.1.1.sslip.io
24 |     secretName: apache-tls


--------------------------------------------------------------------------------
/chapters/09/apache-tls.yaml:
--------------------------------------------------------------------------------
 1 | # apache-tls.yaml
 2 | apiVersion: networking.k8s.io/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   name: apache-tls
 6 | spec:
 7 |   tls:
 8 |   - hosts:
 9 |       - apache-tls.10.0.1.1.sslip.io
10 |     secretName: my-tls-certs
11 |   rules:
12 |   - host: apache-tls.10.0.1.1.sslip.io
13 |     http:
14 |       paths:
15 |       - path: /
16 |         backend:
17 |           serviceName: apache
18 |           servicePort: 80


--------------------------------------------------------------------------------
/chapters/09/domain-based-ingress.yaml:
--------------------------------------------------------------------------------
 1 | # domain-based-ingress.yaml
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: nginx
 7 |   name: apache-domain
 8 | spec:
 9 |   rules:
10 |     # apache 서브 도메인
11 |   - host: apache.10.0.1.1.sslip.io
12 |     http:
13 |       paths:
14 |       - backend:
15 |           serviceName: apache
16 |           servicePort: 80
17 |         path: /
18 | ---  
19 | apiVersion: extensions/v1beta1
20 | kind: Ingress
21 | metadata:
22 |   annotations:
23 |     kubernetes.io/ingress.class: nginx
24 |   name: nginx-domain
25 | spec:
26 |   rules:
27 |     # nginx 서브 도메인
28 |   - host: nginx.10.0.1.1.sslip.io
29 |     http:
30 |       paths:
31 |       - backend:
32 |           serviceName: nginx
33 |           servicePort: 80
34 |         path: /


--------------------------------------------------------------------------------
/chapters/09/http-issuer.yaml:
--------------------------------------------------------------------------------
 1 | # http-issuer.yaml
 2 | apiVersion: cert-manager.io/v1alpha2
 3 | kind: ClusterIssuer
 4 | metadata:
 5 |   name: http-issuer
 6 | spec:
 7 |   acme:
 8 |     email: <EMAIL>
 9 |     server: https://acme-v02.api.letsencrypt.org/directory
10 |     privateKeySecretRef:
11 |       name: issuer-key
12 |     solvers:
13 |     - http01:
14 |        ingress:
15 |          class: nginx


--------------------------------------------------------------------------------
/chapters/09/mynginx-ingress.yaml:
--------------------------------------------------------------------------------
 1 | # mynginx-ingress.yaml
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: nginx
 7 |   name: mynginx
 8 | spec:
 9 |   rules:
10 |   - host: 10.0.1.1.sslip.io
11 |     http:
12 |       paths:
13 |       - path: /
14 |         backend:
15 |           serviceName: mynginx
16 |           servicePort: 80


--------------------------------------------------------------------------------
/chapters/09/path-based-ingress.yaml:
--------------------------------------------------------------------------------
 1 | # path-based-ingress.yaml
 2 | apiVersion: extensions/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: nginx
 7 |     nginx.ingress.kubernetes.io/rewrite-target: / 
 8 |   name: apache-path
 9 | spec:
10 |   rules:
11 |   - host: 10.0.1.1.sslip.io
12 |     http:
13 |       paths:
14 |       - backend:
15 |           serviceName: apache
16 |           servicePort: 80
17 |         path: /apache
18 | ---  
19 | apiVersion: extensions/v1beta1
20 | kind: Ingress
21 | metadata:
22 |   annotations:
23 |     kubernetes.io/ingress.class: nginx
24 |     nginx.ingress.kubernetes.io/rewrite-target: / 
25 |   name: nginx-path
26 | spec:
27 |   rules:
28 |   - host: 10.0.1.1.sslip.io
29 |     http:
30 |       paths:
31 |       - backend:
32 |           serviceName: nginx
33 |           servicePort: 80
34 |         path: /nginx


--------------------------------------------------------------------------------
/chapters/10/README.md:
--------------------------------------------------------------------------------
  1 | # 10. 스토리지
  2 | 
  3 | ## 10.1 `PersistentVolume`
  4 | 
  5 | ### 10.1.1 hostPath PV
  6 | 
  7 | ```yaml
  8 | # hostpath-pv.yaml
  9 | apiVersion: v1
 10 | kind: PersistentVolume
 11 | metadata:
 12 |   name: my-volume
 13 | spec:
 14 |   storageClassName: manual
 15 |   capacity:
 16 |     storage: 1Gi
 17 |   accessModes:
 18 |     - ReadWriteOnce
 19 |   hostPath:
 20 |     path: /tmp
 21 | ```
 22 | 
 23 | ```bash
 24 | kubectl apply -f hostpath-pv.yaml
 25 | # persistentvolume/my-volume created
 26 | 
 27 | kubectl get pv
 28 | # NAME        CAPACITY  ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
 29 | # my-volume   1Gi       RWO            Retain           Available           manual                  12s
 30 | ```
 31 | 
 32 | ### 10.1.2 NFS PV
 33 | 
 34 | ```yaml
 35 | # my-nfs.yaml
 36 | apiVersion: v1
 37 | kind: PersistentVolume
 38 | metadata:
 39 |   name: my-nfs
 40 | spec:
 41 |   storageClassName: nfs
 42 |   capacity:
 43 |     storage: 5Gi
 44 |   accessModes:
 45 |     - ReadWriteMany
 46 |   mountOptions:
 47 |     - hard
 48 |     - nfsvers=4.1
 49 |   nfs:
 50 |     path: /tmp
 51 |     server: <NFS_SERVER_IP>
 52 | ```
 53 | 
 54 | ### 10.1.3 awsElasticBlockStore PV
 55 | 
 56 | ---
 57 | 
 58 | **![주의](warning.png) 주의** 
 59 | 
 60 | 다음 예제는 AWS 플랫폼 위에서 적절한 권한이 부여된 환경에서만 동작합니다. 볼륨을 생성하여 `<volume-id>`를 입력해 주시기 바랍니다. (예제에서는 `vol-1234567890abcdef0`)
 61 | 
 62 | ```bash
 63 | aws ec2 create-volume --availability-zone=eu-east-1a \
 64 |   --size=80 --volume-type=gp2
 65 | # {
 66 | #     "AvailabilityZone": "us-east-1a",
 67 | #     "Tags": [],
 68 | #     "Encrypted": false,
 69 | #     "VolumeType": "gp2",
 70 | #     "VolumeId": "vol-1234567890abcdef0",
 71 | #     "State": "creating",
 72 | #     "Iops": 240,
 73 | #     "SnapshotId": "",
 74 | #     "CreateTime": "YYYY-MM-DDTHH:MM:SS.000Z",
 75 | #     "Size": 80
 76 | # }
 77 | ```
 78 | 
 79 | ---
 80 | 
 81 | ```yaml
 82 | # aws-ebs.yaml
 83 | apiVersion: v1
 84 | kind: PersistentVolume
 85 | metadata:
 86 |   name: aws-ebs
 87 | spec:
 88 |   capacity:
 89 |     storage: 1Gi
 90 |   accessModes:
 91 |     - ReadWriteOnce
 92 |   awsElasticBlockStore:
 93 |     volumeID: <volume-id>
 94 |     fsType: ext4
 95 | ```
 96 | 
 97 | ### 10.1.4 그외 다른 `PersistentVolume`
 98 | 
 99 | 더 다양한 종류들을 확인하고 싶으시다면 다음 페이지를 참고 바랍니다. [https://kubernetes.io/docs/concepts/storage/volumes](https://kubernetes.io/docs/concepts/storage/volumes)
100 | 
101 | ## 10.2 PersistentVolumeClaim
102 | 
103 | ```yaml
104 | # my-pvc.yaml
105 | apiVersion: v1
106 | kind: PersistentVolumeClaim
107 | metadata:
108 |   name: my-pvc
109 | spec:
110 |   storageClassName: manual
111 |   accessModes:
112 |     - ReadWriteOnce
113 |   resources:
114 |     requests:
115 |       storage: 1Gi
116 | ```
117 | 
118 | ```bash
119 | kubectl apply -f my-pvc.yaml
120 | # persistentvolumeclaim/my-pvc created
121 | 
122 | # 앞에서 생성한 my-volume을 선점하였습니다.
123 | kubectl get pvc
124 | # NAME          STATUS   VOLUME      CAPACITY  ACCESS MODES    ... 
125 | # my-pvc        Bound    my-volume   1Gi       RWO             ...
126 | 
127 | kubectl get pv
128 | # NAME        CAPACITY  ACCESS MODES   RECLAIM POLICY   STATUS   
129 | # my-volume   1Gi       RWO            Retain           Bound    
130 | #
131 | #                 CLAIM              STORAGECLASS    REASON   AGE
132 | #                 default/my-pvc     manual                   11s
133 | ```
134 | 
135 | ```yaml
136 | # use-pvc.yaml
137 | apiVersion: v1
138 | kind: Pod
139 | metadata:
140 |   name: use-pvc
141 | spec:
142 |   containers: 
143 |   - name: nginx
144 |     image: nginx
145 |     volumeMounts:
146 |     - mountPath: /test-volume
147 |       name: vol
148 |   volumes:
149 |   - name: vol
150 |     persistentVolumeClaim:
151 |       claimName: my-pvc
152 | ```
153 | 
154 | ```bash
155 | kubectl apply -f use-pvc.yaml
156 | # pod/use-pvc created
157 | 
158 | # 데이터 저장
159 | kubectl exec use-pvc -- sh -c "echo 'hello' > /test-volume/hello.txt"
160 | ```
161 | 
162 | ```bash
163 | kubectl delete pod use-pvc
164 | # pod/use-pvc deleted
165 | 
166 | kubectl apply -f use-pvc.yaml
167 | # pod/use-pvc created
168 | 
169 | kubectl exec use-pvc -- cat /test-volume/hello.txt
170 | # hello
171 | ```
172 | 
173 | ### Clean up
174 | 
175 | ```bash
176 | kubectl delete pod use-pvc
177 | kubectl delete pvc my-pvc
178 | kubectl delete pv my-volume
179 | ```
180 | 
181 | ## 10.3 `StorageClass`
182 | 
183 | ### 10.3.1 `StorageClass` 소개
184 | 
185 | - local-path: [https://github.com/rancher/local-path-provisioner](https://github.com/rancher/local-path-provisioner)
186 | 
187 | ```bash
188 | # local-path라는 이름의 StorageClass
189 | kubectl get sc
190 | # NAME                  PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
191 | # local-path (default)  rancher.io/local-path   Delete          WaitForFirstConsumer   false                  20d
192 | 
193 | kubectl get sc local-path -oyaml
194 | # apiVersion: storage.k8s.io/v1
195 | # kind: StorageClass
196 | # metadata:
197 | #   annotations:
198 | #     objectset.rio.cattle.io/id: ""
199 | #   ...
200 | #   name: local-path
201 | #   resourceVersion: "172"
202 | #   selfLink: /apis/storage.k8s.io/v1/storageclasses/local-path
203 | #   uid: 3aede349-0b94-40c8-b10a-784d38f7c120
204 | # provisioner: rancher.io/local-path
205 | # reclaimPolicy: Delete
206 | # volumeBindingMode: WaitForFirstConsumer
207 | ```
208 | 
209 | ```yaml
210 | # my-pvc-sc.yaml
211 | apiVersion: v1
212 | kind: PersistentVolumeClaim
213 | metadata:
214 |   name: my-pvc-sc
215 | spec:
216 |   storageClassName: local-path
217 |   accessModes:
218 |     - ReadWriteOnce
219 |   resources:
220 |     requests:
221 |       storage: 1Gi
222 | ```
223 | 
224 | ```bash
225 | kubectl apply -f my-pvc-sc.yaml
226 | # persistentvolumeclaim/my-pvc-sc created
227 | 
228 | kubectl get pvc my-pvc-sc
229 | # NAME         STATUS    VOLUME     CAPACITY   ACCESS MODES  STORAGECLASS   AGE 
230 | # my-pvc-sc    Pending                                       local-path     11s 
231 | ```
232 | 
233 | ```yaml
234 | # use-pvc-sc.yaml
235 | apiVersion: v1
236 | kind: Pod
237 | metadata:
238 |   name: use-pvc-sc
239 | spec:
240 |   volumes:
241 |   - name: vol
242 |     persistentVolumeClaim:
243 |       claimName: my-pvc-sc
244 |   containers:
245 |   - name: nginx
246 |     image: nginx
247 |     volumeMounts:
248 |     - mountPath: "/usr/share/nginx/html"
249 |       name: vol
250 | ```
251 | 
252 | ```bash
253 | # pod 생성
254 | kubectl apply -f use-pvc-sc.yaml
255 | # pod/use-pvc-sc created
256 | 
257 | # STATUS가 Bound로 변경
258 | kubectl get pvc my-pvc-sc
259 | # NAME         STATUS   VOLUME            CAPACITY   ACCESS MODES   STORAGECLASS   AGE
260 | # my-pvc-sc    Bound    pvc-479cff32-xx   1Gi        RWO            local-path     92s         
261 | 
262 | # 기존에 생성하지 않은 신규 volume이 생성된 것을 확인
263 | kubectl get pv
264 | # NAME              CAPACITY  ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM               STORAGECLASS   REASON   AGE
265 | # pvc-479cff32-xx   1Gi       RWO            Delete           Bound    default/my-pvc-sc   local-path              3m
266 | 
267 | # pv 상세 정보 확인 (hostPath 등)
268 | kubectl get pv pvc-479cff32-xx -oyaml
269 | # apiVersion: v1
270 | # kind: PersistentVolume
271 | # metadata:
272 | #     ...
273 | #   name: pvc-b1727544-f4be-4cd6-acb7-29eb8f68e84a
274 | #   ...
275 | # spec:
276 | #   ...
277 | #   hostPath:
278 | #     path: /var/lib/rancher/k3s/storage/pvc-b1727544-f4be-4cd6-acb7-29eb8f68e84a
279 | #     type: DirectoryOrCreate
280 | #   nodeAffinity:
281 | #     required:
282 | #       nodeSelectorTerms:
283 | #       - matchExpressions:
284 | #         - key: kubernetes.io/hostname
285 | #           operator: In
286 | #           values:
287 | #           - worker
288 | #    ...
289 | ```
290 | 
291 | ### 10.3.2 NFS StorageClass 설정
292 | 
293 | ```bash
294 | helm install nfs stable/nfs-server-provisioner \
295 |     --set persistence.enabled=true \
296 |     --set persistence.size=10Gi \
297 |     --version 1.1.1 \
298 |     --namespace ctrl
299 | # NAME: nfs
300 | # LAST DEPLOYED: Wed Jul  8 13:19:46 2020
301 | # NAMESPACE: ctrl
302 | # STATUS: deployed
303 | # REVISION: 1
304 | # TEST SUITE: None
305 | # NOTES:
306 | # ...
307 | 
308 | # nfs-server-provisioner라는 Pod가 생성되어 있습니다.
309 | kubectl get pod -n ctrl
310 | # NAME                           READY   STATUS       RESTARTS   AGE
311 | # ...
312 | # nfs-nfs-server-provisioner-0   1/1     Running      0          4m
313 | 
314 | # 이것은 StatefulSet로 구성되어 있습니다.
315 | kubectl get statefulset  -n ctrl
316 | # NAME                         READY   AGE
317 | # nfs-nfs-server-provisioner   1/1     57s
318 | 
319 | # nfs-server-provisioner Service도 있습니다.
320 | kubectl get svc  -n ctrl
321 | # NAME                                  TYPE           CLUSTER-IP     ..
322 | # nginx-nginx-ingress-default-backend   ClusterIP      10.43.79.133   .. 
323 | # nginx-nginx-ingress-controller        LoadBalancer   10.43.182.174  ..  
324 | # nfs-nfs-server-provisioner            ClusterIP      10.43.248.122  ..  
325 | 
326 | # 새로운 nfs StorageClass 생성
327 | kubectl get sc
328 | # NAME                 PROVISIONER                                RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
329 | # local-path (default) rancher.io/local-path                      Delete          WaitForFirstConsumer   false                  20d
330 | # nfs                  cluster.local/nfs-nfs-server-provisioner   Delete          Immediate              true                   10s
331 | ```
332 | 
333 | ```yaml
334 | # nfs-sc.yaml
335 | apiVersion: v1
336 | kind: PersistentVolumeClaim
337 | metadata:
338 |   name: nfs-sc
339 | spec:
340 |   # 기존 local-path에서 nfs로 변경
341 |   storageClassName: nfs
342 |   # accessModes를 ReadWriteMany로 변경
343 |   accessModes:
344 |     - ReadWriteMany
345 |   resources:
346 |     requests:
347 |       storage: 1Gi
348 | ```
349 | 
350 | ```bash
351 | kubectl apply -f nfs-sc.yaml
352 | # persistentvolumeclaim/nfs-sc created
353 | 
354 | # pvc 리소스 확인
355 | kubectl get pvc
356 | # NAME        STATUS   VOLUME             CAPACITY   ACCESS MODES  ...
357 | # my-pvc-sc   Bound    pvc-b1727544-xxx   1Gi        RWO           ...
358 | # nfs-sc      Bound    pvc-49fea9cf-xxx   1Gi        RWO           ...
359 | 
360 | # pv 리소스 확인
361 | kubectl get pv pvc-49fea9cf-xxx
362 | # NAME                CAPACITY   ACCESS MODES   RECLAIM  POLICY  STATUS    CLAIM            STORAGECLASS   REASON  AGE
363 | # pvc-49fea9cf-xxx    1Gi        RWX            Delete           Bound     default/nfs-sc   nfs                    5m
364 | 
365 | # pv 상세 정보 확인 (nfs 마운트 정보)
366 | kubectl get pv pvc-49fea9cf-xxx -oyaml
367 | # apiVersion: v1
368 | # kind: PersistentVolume
369 | # metadata:
370 | #   ...
371 | # spec:
372 | #   accessModes:
373 | #   - ReadWriteMany
374 | #   capacity:
375 | #     storage: 1Gi
376 | #   claimRef:
377 | #     apiVersion: v1
378 | #     kind: PersistentVolumeClaim
379 | #     name: nfs-sc
380 | #     namespace: default
381 | #     resourceVersion: "10084380"
382 | #     uid: 2e95f6c4-2b43-4375-808f-0c93e44a1003
383 | #   mountOptions:
384 | #   - vers=3
385 | #   nfs:
386 | #     path: /export/pvc-2e95f6c4-2b43-4375-808f-0c93e44a1003
387 | #     server: 10.43.248.122
388 | #   persistentVolumeReclaimPolicy: Delete
389 | #   storageClassName: nfs
390 | #   volumeMode: Filesystem
391 | # status:
392 | #   phase: Bound
393 | ```
394 | 
395 | ```yaml
396 | # use-nfs-sc.yaml
397 | apiVersion: v1
398 | kind: Pod
399 | metadata:
400 |   name: use-nfs-sc-master
401 | spec:
402 |   volumes:
403 |   - name: vol
404 |     persistentVolumeClaim:
405 |       claimName: nfs-sc
406 |   containers:
407 |   - name: nginx
408 |     image: nginx
409 |     volumeMounts:
410 |     - mountPath: "/usr/share/nginx/html"
411 |       name: vol
412 |   nodeSelector:
413 |     kubernetes.io/hostname: master
414 | ---
415 | apiVersion: v1
416 | kind: Pod
417 | metadata:
418 |   name: use-nfs-sc-worker
419 | spec:
420 |   volumes:
421 |   - name: vol
422 |     persistentVolumeClaim:
423 |       claimName: nfs-sc
424 |   containers:
425 |   - name: nginx
426 |     image: nginx
427 |     volumeMounts:
428 |     - mountPath: "/usr/share/nginx/html"
429 |       name: vol
430 |   nodeSelector:
431 |     kubernetes.io/hostname: worker
432 | ```
433 | 
434 | ```bash
435 | kubectl apply -f use-nfs-sc.yaml
436 | # pod/use-nfs-sc-master created
437 | # pod/use-nfs-sc-worker created
438 | 
439 | kubectl get pod -o wide
440 | # NAME               READY  STATUS    RESTARTS  AGE   IP          NODE
441 | # ...
442 | # use-nfs-sc-master  1/1    Running   0         19s   10.42.0.8   master
443 | # use-nfs-sc-worker  1/1    Running   0         19s   10.42.0.52  worker
444 | ```
445 | 
446 | ```bash
447 | # master Pod에 index.html 파일을 생성합니다.
448 | kubectl exec use-nfs-sc-master -- sh -c \
449 |       "echo 'hello world' >> /usr/share/nginx/html/index.html"
450 | 
451 | # worker Pod에서 호출을 합니다.
452 | kubectl exec use-nfs-sc-worker -- curl -s localhost
453 | # hello world
454 | ```
455 | 
456 | ### Clean up
457 | 
458 | ```bash
459 | kubectl delete pod --all
460 | kubectl delete pvc nfs-sc my-pvc-sc
461 | ```
462 | 
463 | ## 10.4 쿠버네티스 스토리지 활용
464 | 
465 | ```bash
466 | # stable 레포지토리에 있는 minio chart를 다운로드 합니다.
467 | helm fetch --untar stable/minio --version 5.0.30
468 | 
469 | # vim 편집기를 실행합니다.
470 | vim minio/values.yaml
471 | ```
472 | 
473 | ```yaml
474 | ...
475 | # 약 65번째 줄에서 accessKey와 secretKey 변경
476 | accessKey: "myaccess"
477 | secretKey: "mysecret"
478 | ...
479 |   # 약 111번째 줄에서 storageClass를 nfs로 변경
480 |   storageClass: "nfs"
481 |   # ReadWriteMany로 변경
482 |   accessMode: "ReadWriteMany"
483 |   # 1Gi로 변경
484 |   size: 1Gi    # 기존 500Gi
485 | 
486 | # 약 149번째 줄에서 ingress 설정
487 | ingress:
488 |   # false --> true
489 |   enabled: true
490 |   labels: {}
491 | 
492 |   # annotation 설정
493 |   annotations:
494 |     kubernetes.io/ingress.class: nginx
495 |   path: /
496 |   # host 설정, 사용자별 공인IP 주소를 입력합니다.
497 |   hosts:
498 |     - minio.10.0.1.1.sslip.io
499 |   tls: []
500 | 
501 | # 약 212번째 줄에서 requests 줄이기
502 | resources:
503 |   requests:
504 |     memory: 1Gi # 기존 4Gi
505 | ```
506 | 
507 | ```bash
508 | helm install minio ./minio
509 | 
510 | kubectl get pod
511 | # NAME                      READY   STATUS             RESTARTS   AGE
512 | # minio-7f58448457-vctrp    1/1     Running            0          2m
513 | 
514 | kubectl get pvc
515 | # NAME     STATUS   VOLUME             CAPACITY   ACCESS MODES   STORAGECLASS   AGE
516 | # minio    Bound    pvc-cff81820-xxx   10Gi       RWO            nfs            2m40s
517 | 
518 | kubectl get pv
519 | # NAME               CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM           STORAGECLASS   REASON   AGE   
520 | # pvc-cff81820-xxx   10Gi       RWO            Delete           Bound    default/minio   nfs                     3m
521 | ```
522 | 
523 | ### Clean up
524 | 
525 | ```bash
526 | helm delete minio
527 | ```
528 | 


--------------------------------------------------------------------------------
/chapters/10/aws-ebs.yaml:
--------------------------------------------------------------------------------
 1 | # aws-ebs.yaml
 2 | apiVersion: v1
 3 | kind: PersistentVolume
 4 | metadata:
 5 |   name: aws-ebs
 6 | spec:
 7 |   capacity:
 8 |     storage: 1Gi
 9 |   accessModes:
10 |     - ReadWriteOnce
11 |   awsElasticBlockStore:
12 |     volumeID: <volume-id>
13 |     fsType: ext4


--------------------------------------------------------------------------------
/chapters/10/hostpath-pv.yaml:
--------------------------------------------------------------------------------
 1 | # hostpath-pv.yaml
 2 | apiVersion: v1
 3 | kind: PersistentVolume
 4 | metadata:
 5 |   name: my-volume
 6 | spec:
 7 |   storageClassName: manual
 8 |   capacity:
 9 |     storage: 1Gi
10 |   accessModes:
11 |     - ReadWriteOnce
12 |   hostPath:
13 |     path: /tmp


--------------------------------------------------------------------------------
/chapters/10/my-nfs.yaml:
--------------------------------------------------------------------------------
 1 | # my-nfs.yaml
 2 | apiVersion: v1
 3 | kind: PersistentVolume
 4 | metadata:
 5 |   name: my-nfs
 6 | spec:
 7 |   storageClassName: nfs
 8 |   capacity:
 9 |     storage: 5Gi
10 |   accessModes:
11 |     - ReadWriteMany
12 |   mountOptions:
13 |     - hard
14 |     - nfsvers=4.1
15 |   nfs:
16 |     path: /tmp
17 |     server: <NFS_SERVER_IP>


--------------------------------------------------------------------------------
/chapters/10/my-pvc-sc.yaml:
--------------------------------------------------------------------------------
 1 | # my-pvc-sc.yaml
 2 | apiVersion: v1
 3 | kind: PersistentVolumeClaim
 4 | metadata:
 5 |   name: my-pvc-sc
 6 | spec:
 7 |   storageClassName: local-path
 8 |   accessModes:
 9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 1Gi


--------------------------------------------------------------------------------
/chapters/10/nfs-sc.yaml:
--------------------------------------------------------------------------------
 1 | # nfs-sc.yaml
 2 | apiVersion: v1
 3 | kind: PersistentVolumeClaim
 4 | metadata:
 5 |   name: nfs-sc
 6 | spec:
 7 |   # 기존 local-path에서 nfs로 변경
 8 |   storageClassName: nfs
 9 |   # accessModes를 ReadWriteMany로 변경
10 |   accessModes:
11 |     - ReadWriteMany
12 |   resources:
13 |     requests:
14 |       storage: 1Gi


--------------------------------------------------------------------------------
/chapters/10/use-nfs-sc.yaml:
--------------------------------------------------------------------------------
 1 | # use-nfs-sc.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: use-nfs-sc-master
 6 | spec:
 7 |   volumes:
 8 |   - name: vol
 9 |     persistentVolumeClaim:
10 |       claimName: nfs-sc
11 |   containers:
12 |   - name: nginx
13 |     image: nginx
14 |     volumeMounts:
15 |     - mountPath: "/usr/share/nginx/html"
16 |       name: vol
17 |   nodeSelector:
18 |     kubernetes.io/hostname: master
19 | ---
20 | apiVersion: v1
21 | kind: Pod
22 | metadata:
23 |   name: use-nfs-sc-worker
24 | spec:
25 |   volumes:
26 |   - name: vol
27 |     persistentVolumeClaim:
28 |       claimName: nfs-sc
29 |   containers:
30 |   - name: nginx
31 |     image: nginx
32 |     volumeMounts:
33 |     - mountPath: "/usr/share/nginx/html"
34 |       name: vol
35 |   nodeSelector:
36 |     kubernetes.io/hostname: worker


--------------------------------------------------------------------------------
/chapters/10/use-pvc-sc.yaml:
--------------------------------------------------------------------------------
 1 | # use-pvc-sc.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: use-pvc-sc
 6 | spec:
 7 |   volumes:
 8 |   - name: vol
 9 |     persistentVolumeClaim:
10 |       claimName: my-pvc-sc
11 |   containers:
12 |   - name: nginx
13 |     image: nginx
14 |     volumeMounts:
15 |     - mountPath: "/usr/share/nginx/html"
16 |       name: vol


--------------------------------------------------------------------------------
/chapters/10/use-pvc.yaml:
--------------------------------------------------------------------------------
 1 | # use-pvc.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: use-pvc
 6 | spec:
 7 |   containers: 
 8 |   - name: nginx
 9 |     image: nginx
10 |     volumeMounts:
11 |     - mountPath: /test-volume
12 |       name: vol
13 |   volumes:
14 |   - name: vol
15 |     persistentVolumeClaim:
16 |       claimName: my-pvc


--------------------------------------------------------------------------------
/chapters/11/README.md:
--------------------------------------------------------------------------------
  1 | # 11. 고급 스케줄링
  2 | 
  3 | ## 11.1 고가용성 확보 - Pod 레벨
  4 | 
  5 | ### 11.1.1 metrics server 설치
  6 | 
  7 | ```bash
  8 | helm install metrics-server stable/metrics-server \
  9 |     --version 2.11.1 \
 10 |     --namespace ctrl
 11 | # NAME: metrics-server
 12 | # LAST DEPLOYED: Wed Jul  8 17:50:32 2020
 13 | # NAMESPACE: ctrl
 14 | # STATUS: deployed
 15 | # REVISION: 1
 16 | # NOTES:
 17 | # The metric server has been deployed.
 18 | # 
 19 | # In a few minutes you should be able to list metrics using the following
 20 | # command:
 21 | # 
 22 | #   kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"
 23 | 
 24 | # metrics-server가 정상적으로 올라오기까지 시간이 조금 걸립니다.
 25 | kubectl get pod -nctrl
 26 | # NAME                              READY   STATUS    RESTARTS   AGE
 27 | # metrics-server-8555869558-k7gb6   0/1     Running   0          34s
 28 | ```
 29 | 
 30 | ```bash
 31 | # 리소스 사용량을 모니터링할 Pod를 하나 생성합니다.
 32 | kubectl run mynginx --image nginx
 33 | 
 34 | # Pod별 리소스 사용량을 확인합니다.
 35 | kubectl top pod
 36 | # NAME        CPU(cores)   MEMORY(bytes)
 37 | # mynginx     0m           2Mi
 38 | 
 39 | # Node별 리소스 사용량을 확인합니다.
 40 | kubectl top node
 41 | # NAME      CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
 42 | # master    57m          2%     1846Mi          46%
 43 | # worker    43m          2%      970Mi          24%
 44 | 
 45 | kubectl delete pod mynginx
 46 | # pod/mynginx deleted
 47 | ```
 48 | 
 49 | ### 11.1.2 자동 확장할 Pod 생성
 50 | 
 51 | ```php
 52 | # image: k8s.gcr.io/hpa-example
 53 | <?php
 54 |   $x = 0.0001;
 55 |   for ($i = 0; $i <= 1000000; $i++) {
 56 |     $x += sqrt($x);
 57 |   }
 58 |   echo "OK!";
 59 | ?>
 60 | ```
 61 | 
 62 | ```yaml
 63 | # heavy-cal.yaml
 64 | apiVersion: apps/v1
 65 | kind: Deployment
 66 | metadata:
 67 |   name: heavy-cal
 68 | spec:
 69 |   selector:
 70 |     matchLabels:
 71 |       run: heavy-cal
 72 |   replicas: 1
 73 |   template:
 74 |     metadata:
 75 |       labels:
 76 |         run: heavy-cal
 77 |     spec:
 78 |       containers:
 79 |       - name: heavy-cal
 80 |         image: k8s.gcr.io/hpa-example
 81 |         ports:
 82 |         - containerPort: 80
 83 |         resources:
 84 |           limits:
 85 |             cpu: 500m
 86 |           requests:
 87 |             cpu: 300m
 88 | ---
 89 | apiVersion: v1
 90 | kind: Service
 91 | metadata:
 92 |   name: heavy-cal
 93 | spec:
 94 |   ports:
 95 |   - port: 80
 96 |   selector:
 97 |     run: heavy-cal
 98 | ```
 99 | 
100 | ```bash
101 | kubectl apply -f heavy-cal.yaml
102 | # deployment.apps/heavy-cal created
103 | # service/heavy-cal created
104 | ```
105 | 
106 | ### 11.1.3 `hpa` 생성 - 선언형 명령
107 | 
108 | ```yaml
109 | # hpa.yaml
110 | apiVersion: autoscaling/v1
111 | kind: HorizontalPodAutoscaler
112 | metadata:
113 |   name: heavy-cal
114 | spec:
115 |   maxReplicas: 50
116 |   minReplicas: 1
117 |   scaleTargetRef:
118 |     apiVersion: apps/v1
119 |     kind: Deployment
120 |     name: heavy-cal
121 |   targetCPUUtilizationPercentage: 50
122 | ```
123 | 
124 | ```bash
125 | # hpa 리소스 생성
126 | kubectl apply -f hpa.yaml
127 | # horizontalpodautoscaler.autoscaling/heavy-cal autoscaled
128 | ```
129 | 
130 | ### 11.1.4 `hpa` 생성 - 명령형 명령
131 | 
132 | ```bash
133 | kubectl autoscale deployment heavy-cal --cpu-percent=50 --min=1 --max=50
134 | # horizontalpodautoscaler.autoscaling/heavy-cal autoscaled
135 | 
136 | kubectl get hpa
137 | # NAME        REFERENCE                   TARGET    MINPODS  MAXPODS   REPLICAS   AGE
138 | # heavy-cal   Deployment/heavy-cal/scale  0% / 50%  1        50        1          18s
139 | ```
140 | 
141 | ### 11.1.5 자동확장 테스트
142 | 
143 | ```yaml
144 | # heavy-load.yaml
145 | apiVersion: v1
146 | kind: Pod
147 | metadata:
148 |   name: heavy-load
149 | spec:
150 |   containers: 
151 |   - name: busybox
152 |     image: busybox
153 |     command: ["/bin/sh"]
154 |     args: ["-c", "while true; do wget -q -O- http://heavy-cal; done"]
155 | ```
156 | 
157 | ```bash
158 | kubectl apply -f heavy-load.yaml
159 | # pod/heavy-load created
160 | 
161 | # watch문으로 heavy-cal를 계속 지켜보고 있으면 Pod의 개수가 증가하는 것을 확인할 수 있습니다.
162 | watch kubectl top pod
163 | # NAME                         CPU(cores)   MEMORY(bytes)
164 | # heavy-load                   7m           1Mi
165 | # heavy-cal-548855cf99-9s44l   140m         12Mi
166 | # heavy-cal-548855cf99-lnbvm   122m         13Mi
167 | # heavy-cal-548855cf99-lptbq   128m         13Mi
168 | # heavy-cal-548855cf99-qpdng   89m          12Mi
169 | # heavy-cal-548855cf99-tvgfn   137m         13Mi
170 | # heavy-cal-548855cf99-x64mg   110m         12Mi
171 | ```
172 | 
173 | ```bash
174 | kubectl delete pod heavy-load
175 | ```
176 | 
177 | ## 11.2 고가용성 확보 - Node 레벨
178 | 
179 | ### 11.2.1 AWS EKS Cluster AutoScaler 설정
180 | 
181 | ```bash
182 | NAME=k8s
183 | REGION=ap-northeast-2
184 | 
185 | helm install autoscaler stable/cluster-autoscaler \
186 |   --namespace kube-system \
187 |   --set autoDiscovery.clusterName=$NAME,awsRegion=$REGION,sslCertPath=/etc/kubernetes/pki/ca.crt \
188 |   --version 7.3.4
189 | ```
190 | 
191 | ### 11.2.2 GCP GKE Cluster AutoScaler 설정
192 | 
193 | ```bash
194 | CLUSTER_NAME=k8s
195 | REGION=us-central1-a
196 | 
197 | gcloud container clusters create $CLUSTER_NAME \
198 |     --enable-autoscaling \
199 |     --min-nodes=1 \
200 |     --num-nodes=2 \
201 |     --max-nodes=4 \
202 |     --node-locations=$REGION \
203 |     --machine-type=n1-highcpu-8
204 | ```
205 | 
206 | ### 11.2.3 Cluster AutoScaling 활용
207 | 
208 | ```bash
209 | # 인위적으로 Pod 증가
210 | kubectl scale deployment heavy-cal --replicas=50
211 | # deployment.apps/heavy-cal scaled
212 | 
213 | # Pod 리스트
214 | kubectl get pod
215 | # NAME                        READY   STATUS    RESTARTS   AGE
216 | # heavy-cal-548855cf99-x64m   1/1     Running   0          2s
217 | # heavy-cal-548855cf99-dfx2   1/1     Running   0          2s
218 | # heavy-cal-548855cf99-sf3x   1/1     Running   0          2s
219 | # ....
220 | # heavy-cal-548855cf99-a21t   0/1     Pending   0          2s
221 | # heavy-cal-548855cf99-g8ib   0/1     Pending   0          2s
222 | # heavy-cal-548855cf99-b754   0/1     Pending   0          2s
223 | # ...
224 | 
225 | watch kubectl get node
226 | # NAME             STATUS   ROLES    AGE   VERSION
227 | # ip-172-31-42-5   Ready             13h   v1.18.6
228 | # ip-172-31-44-9   Ready             1m    v1.18.6
229 | # ....             Ready             1m    v1.18.6
230 | # ....
231 | ```
232 | 
233 | ### Clean up
234 | 
235 | ```bash
236 | kubectl delete hpa heavy-cal
237 | kubectl delete deploy heavy-cal
238 | kubectl delete svc heavy-cal
239 | helm delete metrics-server -nctrl
240 | ```
241 | 
242 | ## 11.3 `Taint & Toleration`
243 | 
244 | ### 11.3.1 Taint
245 | 
246 | ```bash
247 | # taint 방법
248 | kubectl taint nodes $NODE_NAME <KEY>=<VALUE>:<EFFECT>
249 | ```
250 | 
251 | ### 11.3.2 Toleration
252 | 
253 | ```bash
254 | # project=A 라는 taint를 NoSchedule로 설정
255 | kubectl taint node worker project=A:NoSchedule
256 | # node/worker tainted
257 | 
258 | kubectl get node worker -oyaml | grep -A 4 taints
259 | #  taints:
260 | #  - effect: NoSchedule
261 | #    key: project
262 | #    value: A
263 | ```
264 | 
265 | ```yaml
266 | # no-tolerate.yaml
267 | apiVersion: v1
268 | kind: Pod
269 | metadata:
270 |   name: no-tolerate
271 | spec:
272 |   containers:
273 |   - name: nginx
274 |     image: nginx
275 | ```
276 | 
277 | ```bash
278 | kubectl apply -f no-tolerate.yaml
279 | # pod/no-tolerate created
280 | 
281 | kubectl get pod -o wide
282 | # NAME         READY   STATUS    RESTARTS  AGE   IP        NODE    ...
283 | # no-tolerate  1/1     Running   0         3s    <none>    master  ... 
284 | ```
285 | 
286 | ```yaml
287 | # tolerate.yaml
288 | apiVersion: v1
289 | kind: Pod
290 | metadata:
291 |   name: tolerate
292 | spec:
293 |   containers:
294 |   - name: nginx
295 |     image: nginx
296 |   tolerations:
297 |   - key: "project"
298 |     value: "A"
299 |     operator: "Equal"
300 |     effect: "NoSchedule"
301 | ```
302 | 
303 | ```bash
304 | kubectl apply -f tolerate.yaml
305 | # pod/tolerate created
306 | 
307 | kubectl get pod -o wide
308 | # NAME         READY   STATUS    RESTARTS   AGE    IP        NODE
309 | # no-tolerate  1/1     Running   0          1m     <none>    master
310 | # tolerate     1/1     Running   0          15s    <none>    worker
311 | ```
312 | 
313 | ```bash
314 | # worker에 taint를 추가합니다.
315 | # 이번에는 key만 존재하는 taint를 적용해 봅니다.
316 | kubectl taint node worker badsector=:NoSchedule
317 | # node/worker tainted
318 | 
319 | kubectl get node worker -oyaml | grep -A 7 taints
320 | #  taints:
321 | #  - effect: NoSchedule
322 | #    key: project
323 | #    value: A
324 | #  - effect: NoSchedule
325 | #    key: badsector
326 | ```
327 | 
328 | ```yaml
329 | # badsector.yaml
330 | apiVersion: v1
331 | kind: Pod
332 | metadata:
333 |   name: badsector
334 | spec:
335 |   containers:
336 |   - name: nginx
337 |     image: nginx
338 |   tolerations:
339 |   - key: "project"
340 |     value: "A"
341 |     operator: "Equal"
342 |     effect: "NoSchedule"
343 |   - key: "badsector"
344 |     operator: "Exists"
345 | ```
346 |  
347 | ```bash
348 | kubectl apply -f badsector.yaml
349 | # pod/badsector created
350 | 
351 | kubectl get pod -o wide
352 | # NAME         READY   STATUS    RESTARTS   AGE    IP         NODE
353 | # no-tolerate  1/1     Running   0          5m     <none>     master
354 | # tolerate     1/1     Running   0          2m     <none>     worker
355 | # badsector    1/1     Running   0          16s    <none>     worker
356 | ```
357 | 
358 | ```bash
359 | kubectl taint node worker project-
360 | kubectl taint node worker badsector-
361 | kubectl delete pod --all
362 | ```
363 | 
364 | ## 11.4 `Affinity & AntiAffinity`
365 | 
366 | ### 11.4.1 `NodeAffinity`
367 | 
368 | ```yaml
369 | # node-affinity.yaml
370 | apiVersion: v1
371 | kind: Pod
372 | metadata:
373 |   name: node-affinity
374 | spec:
375 |   containers:
376 |   - name: nginx
377 |     image: nginx
378 |   affinity:
379 |     nodeAffinity:
380 |       requiredDuringSchedulingIgnoredDuringExecution:
381 |         nodeSelectorTerms:
382 |         - matchExpressions:
383 |           - key: disktype
384 |             operator: In
385 |             values:
386 |             - ssd
387 | ```
388 | 
389 | ```bash
390 | kubectl apply -f node-affinity.yaml
391 | # pod/node-affinity created
392 | 
393 | kubectl get pods node-affinity -o wide
394 | # NAME           READY   STATUS    RESTARTS  AGE   IP          NODE   ..
395 | # node-affinity  1/1     Running   0         19s   10.42.0.8   master ..
396 | ```
397 | 
398 | ### 11.4.2 `PodAffinity`
399 | 
400 | ```yaml
401 | # pod-affinity.yaml
402 | apiVersion: apps/v1
403 | kind: Deployment
404 | metadata:
405 |   name: pod-affinity
406 | spec:
407 |   selector:
408 |     matchLabels:
409 |       app: affinity
410 |   replicas: 2
411 |   template:
412 |     metadata:
413 |       labels:
414 |         app: affinity
415 |     spec:
416 |       containers:
417 |       - name: nginx
418 |         image: nginx
419 |       affinity:
420 |         podAffinity:
421 |           requiredDuringSchedulingIgnoredDuringExecution:
422 |           - labelSelector:
423 |               matchExpressions:
424 |               - key: app
425 |                 operator: In
426 |                 values:
427 |                 - affinity
428 |             topologyKey: "kubernetes.io/hostname"
429 | ```
430 | 
431 | ```bash
432 | kubectl apply -f pod-affinity.yaml
433 | # deployment.apps/pod-affinity created
434 | 
435 | kubectl get pod -o wide
436 | # NAME              READY  STATUS    RESTARTS  AGE   IP           NODE
437 | # pod-affinity-xxx  1/1    Running   0         11m   10.42.0.165  worker
438 | # pod-affinity-xxx  1/1    Running   0         11m   10.42.0.166  worker
439 | ```
440 | 
441 | ### 11.4.3 `PodAntiAffinity`
442 | 
443 | ```yaml
444 | # pod-antiaffinity.yaml
445 | apiVersion: apps/v1
446 | kind: Deployment
447 | metadata:
448 |   name: pod-antiaffinity
449 | spec:
450 |   selector:
451 |     matchLabels:
452 |       app: antiaffinity
453 |   replicas: 2
454 |   template:
455 |     metadata:
456 |       labels:
457 |         app: antiaffinity
458 |     spec:
459 |       containers:
460 |       - name: nginx
461 |         image: nginx
462 |       affinity:
463 |         podAntiAffinity:
464 |           requiredDuringSchedulingIgnoredDuringExecution:
465 |           - labelSelector:
466 |               matchExpressions:
467 |               - key: app
468 |                 operator: In
469 |                 values:
470 |                 - antiaffinity
471 |             topologyKey: "kubernetes.io/hostname"
472 | ```
473 | 
474 | ```bash
475 | kubectl apply -f pod-antiaffinity.yaml
476 | # deployment.apps/pod-antiaffinity created
477 | 
478 | kubectl get pod -o wide
479 | # NAME                 READY  STATUS    RESTARTS AGE  IP           NODE
480 | # pod-antiaffinity-xxx 1/1    Running   0        10s  10.42.0.168  master
481 | # pod-antiaffinity-xxx 1/1    Running   0        11s  10.42.0.167  worker
482 | ```
483 | 
484 | ### 11.4.4 `PodAffinity`와 `PodAntiAffinity` 활용법
485 | 
486 | #### cache 서버 설정
487 | 
488 | ```yaml
489 | # redis-cache.yaml
490 | apiVersion: apps/v1
491 | kind: Deployment
492 | metadata:
493 |   name: redis-cache
494 | spec:
495 |   selector:
496 |     matchLabels:
497 |       app: store
498 |   replicas: 2
499 |   template:
500 |     metadata:
501 |       labels:
502 |         app: store
503 |     spec:
504 |       affinity:
505 |         # cache 서버끼리 멀리 스케줄링
506 |         # app=store 라벨을 가진 Pod끼리 멀리 스케줄링
507 |         podAntiAffinity:
508 |           requiredDuringSchedulingIgnoredDuringExecution:
509 |           - labelSelector:
510 |               matchExpressions:
511 |               - key: app
512 |                 operator: In
513 |                 values:
514 |                 - store
515 |             topologyKey: "kubernetes.io/hostname"
516 |       containers:
517 |       - name: redis-server
518 |         image: redis
519 | ```
520 | 
521 | #### web 서버 설정
522 | 
523 | ```yaml
524 | # web-server.yaml
525 | apiVersion: apps/v1
526 | kind: Deployment
527 | metadata:
528 |   name: web-server
529 | spec:
530 |   selector:
531 |     matchLabels:
532 |       app: web-store
533 |   replicas: 2
534 |   template:
535 |     metadata:
536 |       labels:
537 |         app: web-store
538 |     spec:
539 |       affinity:
540 |         # web 서버끼리 멀리 스케줄링
541 |         # app=web-store 라벨을 가진 Pod끼리 멀리 스케줄링
542 |         podAntiAffinity:
543 |           requiredDuringSchedulingIgnoredDuringExecution:
544 |           - labelSelector:
545 |               matchExpressions:
546 |               - key: app
547 |                 operator: In
548 |                 values:
549 |                 - web-store
550 |             topologyKey: "kubernetes.io/hostname"
551 |         # web-cache 서버끼리 가까이 스케줄링 
552 |         # app=store 라벨을 가진 Pod끼리 가까이 스케줄링
553 |         podAffinity:
554 |           requiredDuringSchedulingIgnoredDuringExecution:
555 |           - labelSelector:
556 |               matchExpressions:
557 |               - key: app
558 |                 operator: In
559 |                 values:
560 |                 - store
561 |             topologyKey: "kubernetes.io/hostname"
562 |       containers:
563 |       - name: web-app
564 |         image: nginx
565 | ```
566 | 
567 | ```bash
568 | kubectl apply -f redis-cache.yaml
569 | # deployment.app/redis-cache created
570 | 
571 | kubectl apply -f web-server.yaml
572 | # deployment.app/web-server created
573 | 
574 | kubectl get pod -owide
575 | # NAME             READY  STATUS    RESTARTS  AGE     IP            NODE
576 | # redis-cache-xxx  1/1    Running   0         10s     10.42.0.151   master
577 | # redis-cache-xxx  1/1    Running   0         10s     10.42.0.152   worker
578 | # web-server-xxxx  1/1    Running   0         11s     10.42.0.153   master
579 | # web-server-xxxx  1/1    Running   0         11s     10.42.0.154   worker
580 | ```
581 | 
582 | ### Clean up
583 | 
584 | ```bash
585 | kubectl delete deploy --all
586 | kubectl delete pod --all
587 | ```
588 | 


--------------------------------------------------------------------------------
/chapters/11/badsector.yaml:
--------------------------------------------------------------------------------
 1 | # badsector.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: badsector
 6 | spec:
 7 |   containers:
 8 |   - name: nginx
 9 |     image: nginx
10 |   tolerations:
11 |   - key: "project"
12 |     value: "A"
13 |     operator: "Equal"
14 |     effect: "NoSchedule"
15 |   - key: "badsector"
16 |     operator: "Exists"


--------------------------------------------------------------------------------
/chapters/11/heavy-cal.yaml:
--------------------------------------------------------------------------------
 1 | # heavy-cal.yaml
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: heavy-cal
 6 | spec:
 7 |   selector:
 8 |     matchLabels:
 9 |       run: heavy-cal
10 |   replicas: 1
11 |   template:
12 |     metadata:
13 |       labels:
14 |         run: heavy-cal
15 |     spec:
16 |       containers:
17 |       - name: heavy-cal
18 |         image: k8s.gcr.io/hpa-example
19 |         ports:
20 |         - containerPort: 80
21 |         resources:
22 |           limits:
23 |             cpu: 500m
24 |           requests:
25 |             cpu: 300m
26 | ---
27 | apiVersion: v1
28 | kind: Service
29 | metadata:
30 |   name: heavy-cal
31 | spec:
32 |   ports:
33 |   - port: 80
34 |   selector:
35 |     run: heavy-cal


--------------------------------------------------------------------------------
/chapters/11/heavy-load.yaml:
--------------------------------------------------------------------------------
 1 | # heavy-load.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: heavy-load
 6 | spec:
 7 |   containers: 
 8 |   - name: busybox
 9 |     image: busybox
10 |     command: ["/bin/sh"]
11 |     args: ["-c", "while true; do wget -q -O- http://heavy-cal; done"]


--------------------------------------------------------------------------------
/chapters/11/hpa.yaml:
--------------------------------------------------------------------------------
 1 | # hpa.yaml
 2 | apiVersion: autoscaling/v1
 3 | kind: HorizontalPodAutoscaler
 4 | metadata:
 5 |   name: heavy-cal
 6 | spec:
 7 |   maxReplicas: 50
 8 |   minReplicas: 1
 9 |   scaleTargetRef:
10 |     apiVersion: apps/v1
11 |     kind: Deployment
12 |     name: heavy-cal
13 |   targetCPUUtilizationPercentage: 50


--------------------------------------------------------------------------------
/chapters/11/no-tolerate.yaml:
--------------------------------------------------------------------------------
1 | # no-tolerate.yaml
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 |   name: no-tolerate
6 | spec:
7 |   containers:
8 |   - name: nginx
9 |     image: nginx


--------------------------------------------------------------------------------
/chapters/11/node-affinity.yaml:
--------------------------------------------------------------------------------
 1 | # node-affinity.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: node-affinity
 6 | spec:
 7 |   containers:
 8 |   - name: nginx
 9 |     image: nginx
10 |   affinity:
11 |     nodeAffinity:
12 |       requiredDuringSchedulingIgnoredDuringExecution:
13 |         nodeSelectorTerms:
14 |         - matchExpressions:
15 |           - key: disktype
16 |             operator: In
17 |             values:
18 |             - ssd


--------------------------------------------------------------------------------
/chapters/11/pod-affinity.yaml:
--------------------------------------------------------------------------------
 1 | # pod-affinity.yaml
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: pod-affinity
 6 | spec:
 7 |   selector:
 8 |     matchLabels:
 9 |       app: affinity
10 |   replicas: 2
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: affinity
15 |     spec:
16 |       containers:
17 |       - name: nginx
18 |         image: nginx
19 |       affinity:
20 |         podAffinity:
21 |           requiredDuringSchedulingIgnoredDuringExecution:
22 |           - labelSelector:
23 |               matchExpressions:
24 |               - key: app
25 |                 operator: In
26 |                 values:
27 |                 - affinity
28 |             topologyKey: "kubernetes.io/hostname"


--------------------------------------------------------------------------------
/chapters/11/pod-antiaffinity.yaml:
--------------------------------------------------------------------------------
 1 | # pod-antiaffinity.yaml
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: pod-antiaffinity
 6 | spec:
 7 |   selector:
 8 |     matchLabels:
 9 |       app: antiaffinity
10 |   replicas: 2
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: antiaffinity
15 |     spec:
16 |       containers:
17 |       - name: nginx
18 |         image: nginx
19 |       affinity:
20 |         podAntiAffinity:
21 |           requiredDuringSchedulingIgnoredDuringExecution:
22 |           - labelSelector:
23 |               matchExpressions:
24 |               - key: app
25 |                 operator: In
26 |                 values:
27 |                 - antiaffinity
28 |             topologyKey: "kubernetes.io/hostname"


--------------------------------------------------------------------------------
/chapters/11/redis-cache.yaml:
--------------------------------------------------------------------------------
 1 | # redis-cache.yaml
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: redis-cache
 6 | spec:
 7 |   selector:
 8 |     matchLabels:
 9 |       app: store
10 |   replicas: 2
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: store
15 |     spec:
16 |       affinity:
17 |         # cache 서버끼리 멀리 스케줄링
18 |         # app=store 라벨을 가진 Pod끼리 멀리 스케줄링
19 |         podAntiAffinity:
20 |           requiredDuringSchedulingIgnoredDuringExecution:
21 |           - labelSelector:
22 |               matchExpressions:
23 |               - key: app
24 |                 operator: In
25 |                 values:
26 |                 - store
27 |             topologyKey: "kubernetes.io/hostname"
28 |       containers:
29 |       - name: redis-server
30 |         image: redis


--------------------------------------------------------------------------------
/chapters/11/tolerate.yaml:
--------------------------------------------------------------------------------
 1 | # tolerate.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: tolerate
 6 | spec:
 7 |   containers:
 8 |   - name: nginx
 9 |     image: nginx
10 |   tolerations:
11 |   - key: "project"
12 |     value: "A"
13 |     operator: "Equal"
14 |     effect: "NoSchedule"


--------------------------------------------------------------------------------
/chapters/11/web-server.yaml:
--------------------------------------------------------------------------------
 1 | # web-server.yaml
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: web-server
 6 | spec:
 7 |   selector:
 8 |     matchLabels:
 9 |       app: web-store
10 |   replicas: 2
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: web-store
15 |     spec:
16 |       affinity:
17 |         # web 서버끼리 멀리 스케줄링
18 |         # app=web-store 라벨을 가진 Pod끼리 멀리 스케줄링
19 |         podAntiAffinity:
20 |           requiredDuringSchedulingIgnoredDuringExecution:
21 |           - labelSelector:
22 |               matchExpressions:
23 |               - key: app
24 |                 operator: In
25 |                 values:
26 |                 - web-store
27 |             topologyKey: "kubernetes.io/hostname"
28 |         # web-cache 서버끼리 가까이 스케줄링 
29 |         # app=store 라벨을 가진 Pod끼리 가까이 스케줄링
30 |         podAffinity:
31 |           requiredDuringSchedulingIgnoredDuringExecution:
32 |           - labelSelector:
33 |               matchExpressions:
34 |               - key: app
35 |                 operator: In
36 |                 values:
37 |                 - store
38 |             topologyKey: "kubernetes.io/hostname"
39 |       containers:
40 |       - name: web-app
41 |         image: nginx


--------------------------------------------------------------------------------
/chapters/12/README.md:
--------------------------------------------------------------------------------
  1 | # 12. 클러스터 관리
  2 | 
  3 | ## 12.1 리소스 관리
  4 | 
  5 | ### 12.1.1 LimitRange
  6 | 
  7 | ```bash
  8 | kubectl run mynginx --image nginx
  9 | 
 10 | kubectl get pod mynginx -oyaml | grep resources
 11 | # resources: {}
 12 | ```
 13 | 
 14 | ```yaml
 15 | # limit-range.yaml
 16 | apiVersion: v1
 17 | kind: LimitRange
 18 | metadata:
 19 |   name: limit-range
 20 | spec:
 21 |   limits:
 22 |   - default:
 23 |       cpu: 400m
 24 |       memory: 512Mi
 25 |     defaultRequest:
 26 |       cpu: 300m
 27 |       memory: 256Mi
 28 |     max:
 29 |       cpu: 600m
 30 |       memory: 600Mi
 31 |     min:
 32 |       cpu: 200m
 33 |       memory: 200Mi
 34 |     type: Container
 35 | ```
 36 | 
 37 | ```bash
 38 | kubectl apply -f limit-range.yaml
 39 | # limitrange/limit-range created
 40 | 
 41 | kubectl run nginx-lr --image nginx
 42 | # pod/nginx-lr created
 43 | 
 44 | kubectl get pod nginx-lr -oyaml | grep -A 6 resources
 45 | #    resources:
 46 | #      limits:
 47 | #        cpu: 400m
 48 | #        memory: 512Mi
 49 | #      requests:
 50 | #        cpu: 300m
 51 | #        memory: 256Mi
 52 | ```
 53 | 
 54 | ```yaml
 55 | # pod-exceed.yaml
 56 | apiVersion: v1
 57 | kind: Pod
 58 | metadata:
 59 |   name: pod-exceed
 60 | spec:
 61 |   containers:
 62 |   - image: nginx
 63 |     name: nginx
 64 |     resources:
 65 |       limits:
 66 |         cpu: "700m"
 67 |         memory: "700Mi"
 68 |       requests:
 69 |         cpu: "300m"
 70 |         memory: "256Mi"
 71 | ```
 72 | 
 73 | ```bash
 74 | kubectl apply -f pod-exceed.yaml
 75 | # Error from server (Forbidden): error when creating "STDIN": pods 
 76 | # "pod-exceed" is forbidden: [maximum cpu usage per Container 
 77 | # is 600m, but limit is 700m, maximum memory usage per Container 
 78 | # is 600Mi, but limit is 700Mi]
 79 | ```
 80 | 
 81 | ### Clean up
 82 | 
 83 | ```bash
 84 | kubectl delete limitrange limit-range
 85 | kubectl delete pod --all
 86 | ```
 87 | 
 88 | ### 12.1.2 ResourceQuota
 89 | 
 90 | ```yaml
 91 | # res-quota.yaml
 92 | apiVersion: v1
 93 | kind: ResourceQuota
 94 | metadata:
 95 |   name: res-quota
 96 | spec:
 97 |   hard:
 98 |     limits.cpu: 700m
 99 |     limits.memory: 800Mi
100 |     requests.cpu: 500m
101 |     requests.memory: 700Mi
102 | ```
103 | 
104 | ```bash
105 | # ResourceQuota 생성
106 | kubectl apply -f res-quota.yaml
107 | # resourcequota/res-quota created 
108 | 
109 | # Pod 생성 limit CPU 600m
110 | cat << EOF | kubectl apply -f -
111 | apiVersion: v1
112 | kind: Pod
113 | metadata:
114 |   name: rq-1
115 | spec:
116 |   containers:
117 |   - image: nginx
118 |     name: nginx
119 |     resources:
120 |       limits:
121 |         cpu: "600m"
122 |         memory: "600Mi"
123 |       requests:
124 |         cpu: "300m"
125 |         memory: "300Mi"
126 | EOF
127 | # pod/rq-1 created
128 | ```
129 | 
130 | ```bash
131 | cat << EOF | kubectl apply -f -
132 | apiVersion: v1
133 | kind: Pod
134 | metadata:
135 |   name: rq-2
136 | spec:
137 |   containers:
138 |   - image: nginx
139 |     name: nginx
140 |     resources:
141 |       limits:
142 |         cpu: "600m"
143 |         memory: "600Mi"
144 |       requests:
145 |         cpu: "300m"
146 |         memory: "300Mi"
147 | EOF
148 | # Error from server (Forbidden): error when creating "STDIN": 
149 | # pods "rq-2" is forbidden: exceeded quota: res-quota, 
150 | # requested: limits.cpu=600m,limits.memory=600Mi,requests.cpu=300m, 
151 | # used: limits.cpu=600m,limits.memory=600Mi,requests.cpu=300m, 
152 | # limited: limits.cpu=700m,limits
153 | ```
154 | 
155 | ### Clean up
156 | 
157 | ```bash
158 | kubectl delete resourcequota res-quota
159 | kubectl delete pod --all
160 | ```
161 | 
162 | ## 12.2 노드 관리
163 | 
164 | ### 12.2.1 Cordon
165 | 
166 | ```bash
167 | # 먼저 worker의 상태를 확인합니다.
168 | kubectl get node worker -oyaml | grep spec -A 5
169 | # spec:
170 | #   podCIDR: 10.42.0.0/24
171 | #   podCIDRs:
172 | #   - 10.42.0.0/24
173 | #   providerID: k3s://worker
174 | # status:
175 | 
176 | # worker를 cordon시킵니다.
177 | kubectl cordon worker
178 | # node/worker cordoned
179 | 
180 | # 다시 worker의 상태를 확인합니다. taint가 설정된 것을 확인할 수 있고 unschedulable이 true로 설정되어 있습니다.
181 | kubectl get node worker -oyaml | grep spec -A 10
182 | # spec:
183 | #   podCIDR: 10.42.0.0/24
184 | #   podCIDRs:
185 | #   - 10.42.0.0/24
186 | #   providerID: k3s://worker
187 | #   taints:
188 | #   - effect: NoSchedule
189 | #     key: node.kubernetes.io/unschedulable
190 | #     timeAdded: "2020-04-04T11:04:48Z"
191 | #   unschedulable: true
192 | # status:
193 | 
194 | # worker의 상태를 확인합니다.
195 | kubectl get node
196 | # NAME     STATUS                    ROLES    AGE   VERSION
197 | # master   Ready                     master   32d   v1.18.6+k3s1
198 | # worker   Ready,SchedulingDisabled  worker   32d   v1.18.6+k3s1
199 | ```
200 | 
201 | ```bash
202 | cat << EOF | kubectl apply -f -
203 | apiVersion: apps/v1
204 | kind: ReplicaSet
205 | metadata:
206 |   name: rs
207 | spec:
208 |   replicas: 5
209 |   selector:
210 |     matchLabels:
211 |       run: rs
212 |   template:
213 |     metadata:
214 |       labels:
215 |         run: rs
216 |     spec:
217 |       containers:
218 |       - name: nginx
219 |         image: nginx
220 | EOF
221 | 
222 | kubectl get pod -o wide
223 | # NAME     READY   STATUS    RESTARTS   AGE    IP          NODE     ...
224 | # rs-xxxx  1/1     Running   0          3s     10.42.1.6   master   ...
225 | # rs-xxxx  1/1     Running   0          3s     10.42.1.7   master   ...
226 | # rs-xxxx  1/1     Running   0          3s     10.42.1.8   master   ...
227 | # rs-xxxx  1/1     Running   0          3s     10.42.1.9   master   ...
228 | # rs-xxxx  1/1     Running   0          3s     10.42.1.10  master   ...
229 | ```
230 | 
231 | ```bash
232 | cat << EOF | kubectl apply -f -
233 | apiVersion: v1
234 | kind: Pod
235 | metadata:
236 |   name: pod-worker
237 | spec:
238 |   containers:
239 |   - image: nginx
240 |     name: nginx
241 |   nodeSelector:
242 |     kubernetes.io/hostname: worker
243 | EOF
244 | # pod/pod-worker created
245 | 
246 | kubectl get pod -owide
247 | # NAME         READY  STATUS    RESTARTS   AGE     IP       NODE    ... 
248 | # ...
249 | # pod-worker   0/1    Pending   0          70s     <none>   <none>  ...
250 | ```
251 | 
252 | ### 12.2.2 Uncordon
253 | 
254 | ```bash
255 | kubectl uncordon worker
256 | # node/worker uncordoned
257 | 
258 | # taint가 사라졌습니다.
259 | kubectl get node worker -oyaml | grep spec -A 10
260 | # spec:
261 | #   podCIDR: 10.42.1.0/24
262 | #   podCIDRs:
263 | #   - 10.42.1.0/24
264 | #   providerID: k3s://worker
265 | # status:
266 | #   addresses:
267 | #   - address: 172.31.16.173
268 | #     type: InternalIP
269 | #   - address: worker
270 | #     type: Hostname
271 | 
272 | kubectl get node
273 | # NAME     STATUS   ROLES    AGE   VERSION
274 | # master   Ready    master   32d   v1.18.6+k3s1
275 | # worker   Ready    worker   32d   v1.18.6+k3s1
276 | 
277 | kubectl get pod -owide
278 | # NAME        READY   STATUS    RESTARTS   AGE   IP       NODE     ...
279 | # ...
280 | # pod-worker  1/1     Running   0          70s   <none>   worker   ...
281 | 
282 | kubectl delete pod pod-worker
283 | # pod/pod-worker deleted
284 | ```
285 | 
286 | ### 12.2.3 Drain
287 | 
288 | ```bash
289 | cat << EOF | kubectl apply -f -
290 | apiVersion: apps/v1
291 | kind: Deployment
292 | metadata:
293 |   name: nginx
294 | spec:
295 |   selector:
296 |     matchLabels:
297 |       app: nginx
298 |   replicas: 3
299 |   template:
300 |     metadata:
301 |       labels:
302 |         app: nginx
303 |     spec:
304 |       containers:
305 |       - name: nginx
306 |         image: nginx
307 | EOF
308 | # deployment.apps/pod-drain created
309 | 
310 | # nginx Pod가 워커 노드에 생성된 것을 확인할 수 있습니다.
311 | kubectl get pod -o wide
312 | # NAME               READY  STATUS    RESTARTS  AGE  IP           NODE
313 | # nginx-7ff78b8-xxx  1/1    Running   0         42s  10.42.0.25   master
314 | # nginx-7ff78b8-xxx  1/1    Running   0         42s  10.42.1.2    worker
315 | # nginx-7ff78b8-xxx  1/1    Running   0         42s  10.42.4.62   worker
316 | ```
317 | 
318 | ```bash
319 | # 모든 노드에 존재하는 DaemonSet은 무시합니다.
320 | kubectl drain worker  --ignore-daemonsets
321 | # node/worker cordoned
322 | # evicting pod "nginx-xxx"
323 | # evicting pod "nginx-xxx"
324 | # ...
325 | 
326 | # nginx Pod가 어떻게 동작하는지 확인합니다.
327 | kubectl get pod -owide
328 | # NAME              READY   STATUS    RESTARTS  AGE  IP          NODE
329 | # nginx-7ff7b-xxx   1/1     Running   0         2m   10.42.0.25  master
330 | # nginx-7ff7b-xxx   1/1     Pending   0         2m   <none>      <none>
331 |  
332 | kubectl get node worker -oyaml | grep spec -A 10
333 | # spec:
334 | #   podCIDR: 10.42.1.0/24
335 | #   podCIDRs:
336 | #   - 10.42.1.0/24
337 | #   providerID: k3s://worker
338 | #   taints:
339 | #   - effect: NoSchedule
340 | #     key: node.kubernetes.io/unschedulable
341 | #     timeAdded: "2020-04-04T15:37:25Z"
342 | #   unschedulable: true
343 | # status:
344 | 
345 | kubectl get node
346 | # NAME     STATUS                    ROLES    AGE   VERSION
347 | # master   Ready                     master   32d   v1.18.6+k3s1
348 | # worker   Ready,SchedulingDisabled  worker   32d   v1.18.6+k3s1
349 | ```
350 | 
351 | ```bash
352 | kubectl uncordon worker
353 | # node/worker uncordoned
354 | ```
355 | 
356 | ## 12.3 Pod 개수 유지
357 | 
358 | ```bash
359 | kubectl scale deploy nginx --replicas 10
360 | # deployment.apps/mydeploy scaled
361 | ```
362 | 
363 | ```yaml
364 | # nginx-pdb.yaml
365 | apiVersion: policy/v1beta1
366 | kind: PodDisruptionBudget
367 | metadata:
368 |   name: nginx-pdb
369 | spec:
370 |   minAvailable: 9
371 |   selector:
372 |     matchLabels:
373 |       app: nginx
374 | ```
375 | 
376 | ```bash
377 | # pdb를 생성합니다.
378 | kubectl apply -f nginx-pdb.yaml
379 | # poddisruptionbudget/nginx-pdb created
380 | 
381 | # worker을 drain합니다.
382 | kubectl drain worker --ignore-daemonsets
383 | # node/worker cordoned
384 | # evicting pod "nginx-xxx"
385 | # evicting pod "nginx-xxx"
386 | # error when evicting pod "mynginx-xxx" 
387 | # (will retry after 5s): Cannot evict pod as it would violate the 
388 | #   pod's disruption budget.
389 | # pod/mynginx-xxx evicted
390 | # evicting pod "mynginx-xxx"
391 | # error when evicting pod "mynginx-xxx" 
392 | # (will retry after 5s): Cannot evict pod as it would violate the 
393 | #   pod's disruption budget.
394 | # evicting pod "mynginx-xxx"
395 | # pod/mynginx-xxx evicted
396 | # node/worker evicted
397 | ```
398 | 
399 | ### Clean up
400 | 
401 | ```bash
402 | kubectl delete pdb nginx-pdb
403 | kubectl delete deploy nginx
404 | kubectl delete rs rs
405 | kubectl uncordon worker
406 | ```
407 | 


--------------------------------------------------------------------------------
/chapters/12/limit-range.yaml:
--------------------------------------------------------------------------------
 1 | # limit-range.yaml
 2 | apiVersion: v1
 3 | kind: LimitRange
 4 | metadata:
 5 |   name: limit-range
 6 | spec:
 7 |   limits:
 8 |   - default:
 9 |       cpu: 400m
10 |       memory: 512Mi
11 |     defaultRequest:
12 |       cpu: 300m
13 |       memory: 256Mi
14 |     max:
15 |       cpu: 600m
16 |       memory: 600Mi
17 |     min:
18 |       cpu: 200m
19 |       memory: 200Mi
20 |     type: Container


--------------------------------------------------------------------------------
/chapters/12/nginx-pdb.yaml:
--------------------------------------------------------------------------------
 1 | # nginx-pdb.yaml
 2 | apiVersion: policy/v1beta1
 3 | kind: PodDisruptionBudget
 4 | metadata:
 5 |   name: nginx-pdb
 6 | spec:
 7 |   minAvailable: 9
 8 |   selector:
 9 |     matchLabels:
10 |       app: nginx


--------------------------------------------------------------------------------
/chapters/12/pod-exceed.yaml:
--------------------------------------------------------------------------------
 1 | # pod-exceed.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: pod-exceed
 6 | spec:
 7 |   containers:
 8 |   - image: nginx
 9 |     name: nginx
10 |     resources:
11 |       limits:
12 |         cpu: "700m"
13 |         memory: "700Mi"
14 |       requests:
15 |         cpu: "300m"
16 |         memory: "256Mi"


--------------------------------------------------------------------------------
/chapters/12/res-quota.yaml:
--------------------------------------------------------------------------------
 1 | # res-quota.yaml
 2 | apiVersion: v1
 3 | kind: ResourceQuota
 4 | metadata:
 5 |   name: res-quota
 6 | spec:
 7 |   hard:
 8 |     limits.cpu: 700m
 9 |     limits.memory: 800Mi
10 |     requests.cpu: 500m
11 |     requests.memory: 700Mi


--------------------------------------------------------------------------------
/chapters/13/allow-dmz.yaml:
--------------------------------------------------------------------------------
 1 | # allow-dmz.yaml
 2 | kind: NetworkPolicy
 3 | apiVersion: networking.k8s.io/v1
 4 | metadata:
 5 |   name: allow-dmz
 6 |   namespace: default
 7 | spec:
 8 |   podSelector:
 9 |     matchLabels:
10 |       run: web
11 |   ingress:
12 |   - from:
13 |     - namespaceSelector:
14 |         matchLabels:
15 |           zone: dmz
16 |     ports:
17 |     - protocol: TCP
18 |       port: 80


--------------------------------------------------------------------------------
/chapters/13/allow-from-web.yaml:
--------------------------------------------------------------------------------
 1 | # allow-from-web.yaml
 2 | kind: NetworkPolicy
 3 | apiVersion: networking.k8s.io/v1
 4 | metadata:
 5 |   name: allow-from-web
 6 |   namespace: default
 7 | spec:
 8 |   podSelector:
 9 |     matchLabels:
10 |       run: app
11 |   ingress:
12 |   - from:
13 |     - podSelector:
14 |         matchLabels:
15 |           run: web


--------------------------------------------------------------------------------
/chapters/13/block-metadata.yaml:
--------------------------------------------------------------------------------
 1 | # block-metadata.yaml
 2 | kind: NetworkPolicy
 3 | apiVersion: networking.k8s.io/v1
 4 | metadata:
 5 |   name: block-metadata
 6 |   namespace: default
 7 | spec:
 8 |   podSelector: {}
 9 |   egress:
10 |   - to:
11 |     - ipBlock:
12 |         cidr: 0.0.0.0/0
13 |         except:
14 |         - 169.254.169.254/32


--------------------------------------------------------------------------------
/chapters/13/db-accessable.yaml:
--------------------------------------------------------------------------------
 1 | # db-accessable.yaml
 2 | kind: NetworkPolicy
 3 | apiVersion: networking.k8s.io/v1
 4 | metadata:
 5 |   name: db-accessable
 6 |   namespace: default
 7 | spec:
 8 |   podSelector:
 9 |     matchLabels:
10 |       run: db
11 |   ingress:
12 |   - from:
13 |     - podSelector:
14 |         matchLabels:
15 |           db-accessable: "true"
16 |     ports:
17 |     - protocol: TCP
18 |       port: 80


--------------------------------------------------------------------------------
/chapters/13/deny-all.yaml:
--------------------------------------------------------------------------------
1 | # deny-all.yaml
2 | kind: NetworkPolicy
3 | apiVersion: networking.k8s.io/v1
4 | metadata:
5 |   name: deny-all
6 |   namespace: default
7 | spec:
8 |   podSelector: {}
9 |   ingress: []


--------------------------------------------------------------------------------
/chapters/13/dont-leave-dev.yaml:
--------------------------------------------------------------------------------
 1 | # dont-leave-dev.yaml
 2 | kind: NetworkPolicy
 3 | apiVersion: networking.k8s.io/v1
 4 | metadata:
 5 |   name: dont-leave-dev
 6 |   namespace: dev
 7 | spec:
 8 |   podSelector: {}
 9 |   egress:
10 |   - to:
11 |     - podSelector: {}


--------------------------------------------------------------------------------
/chapters/13/nginx-sa.yaml:
--------------------------------------------------------------------------------
 1 | # nginx-sa.yaml
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: nginx-sa
 6 | spec:
 7 |   containers:
 8 |   - image: nginx
 9 |     name: nginx
10 |   # mysa ServiceAccount 사용
11 |   serviceAccountName: mysa


--------------------------------------------------------------------------------
/chapters/13/read-pods.yaml:
--------------------------------------------------------------------------------
 1 | # read-pods.yaml
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | kind: RoleBinding
 4 | metadata:
 5 |   name: read-pods
 6 |   namespace: default
 7 | subjects:
 8 | - kind: ServiceAccount
 9 |   name: mysa
10 | roleRef:
11 |   kind: Role
12 |   name: pod-viewer
13 |   apiGroup: rbac.authorization.k8s.io


--------------------------------------------------------------------------------
/chapters/13/role.yaml:
--------------------------------------------------------------------------------
 1 | # role.yaml
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | kind: Role
 4 | metadata:
 5 |   name: pod-viewer
 6 |   namespace: default
 7 | rules:
 8 | - apiGroups: [""] # ""은 core API group을 나타냅니다.
 9 |   resources: 
10 |   - pods
11 |   verbs: 
12 |   - get
13 |   - watch
14 |   - list


--------------------------------------------------------------------------------
/chapters/13/web-open.yaml:
--------------------------------------------------------------------------------
 1 | # web-open.yaml
 2 | kind: NetworkPolicy
 3 | apiVersion: networking.k8s.io/v1
 4 | metadata:
 5 |   name: web-open
 6 |   namespace: default
 7 | spec:
 8 |   podSelector:
 9 |     matchLabels:
10 |       run: web
11 |   ingress:
12 |   - from:
13 |     - podSelector: {}
14 |     ports:
15 |     - protocol: TCP
16 |       port: 80


--------------------------------------------------------------------------------
/chapters/14/README.md:
--------------------------------------------------------------------------------
  1 | # 14. 로깅과 모니터링
  2 | 
  3 | ## 14.1 로깅 시스템 구축
  4 | 
  5 | ### 14.1.2 클러스터 레벨 로깅 원리
  6 | 
  7 | ```bash
  8 | docker logs <CONTAINER_ID>
  9 | ```
 10 | 
 11 | ```bash
 12 | /var/lib/docker/containers/<CONTAINER_ID>/<CONTAINER_ID>-json.log
 13 | ```
 14 | 
 15 | ```bash
 16 | # nginx라는 컨테이너를 하나 실행하고 CONTAINER_ID 값을 복사합니다.
 17 | docker run -d nginx
 18 | # 4373b7e095215c23057b1dc4423527239e56a33dbd
 19 | 
 20 | # docker 명령을 통한 로그 확인
 21 | docker logs 4373b7e095215c23057b1dc4423527239e56a33dbd
 22 | # /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will ...
 23 | # /docker-entrypoint.sh: Looking for shell scripts in /docker-...
 24 | # /docker-entrypoint.sh: Launching /docker-entrypoint.d/...
 25 | # ...
 26 | 
 27 | # 호스트 서버의 로그 파일 확인
 28 | sudo tail /var/lib/docker/containers/4373b7e095215c23057b1dc4423527239e56a33dbd/4373b7e095215c23057b1dc4423527239e56a33dbd-json.log
 29 | # {"log":"/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, \
 30 | # will attempt to perform configuration\n","stream":"stdout",\
 31 | # "time":"2020-07-11T03:22:11.817939191Z"}
 32 | # ...
 33 | 
 34 | # 컨테이너 정리
 35 | docker stop 4373b7e095215c23057b1dc4423527239e56a33dbd
 36 | docker rm 4373b7e095215c23057b1dc4423527239e56a33dbd
 37 | ```
 38 | 
 39 | ### 14.1.6 EFK Stack
 40 | 
 41 | ```bash
 42 | # fetch stable repository의 elastic-stack
 43 | helm fetch --untar stable/elastic-stack --version 2.0.1
 44 | 
 45 | vim elastic-stack/values.yaml
 46 | ```
 47 | 
 48 | ```yaml
 49 | # elastic-stack/values.yaml
 50 | 
 51 | # 약 12줄
 52 | logstash:
 53 |   enabled: false  # 기존 true
 54 | 
 55 | # 약 29줄
 56 | fluent-bit:
 57 |   enabled: true   # 기존 false
 58 | ```
 59 | 
 60 | ```bash
 61 | # elasticsearch 수정
 62 | vim elastic-stack/charts/elasticsearch/values.yaml
 63 | ```
 64 | 
 65 | ```yaml
 66 | # elastic-stack/charts/elasticsearch/values.yaml
 67 | # ...
 68 | # 약 110줄
 69 | client:
 70 |   replicas: 1  # 기존 2
 71 | # ...
 72 | # 약 171줄
 73 | master:
 74 |   replicas: 2  # 기존 3
 75 | # ...
 76 | # 약 225줄
 77 | data:
 78 |   replicas: 1  # 기존 2
 79 | ```
 80 | 
 81 | ```bash
 82 | # fluent-bit 수정
 83 | vim elastic-stack/charts/fluent-bit/values.yaml
 84 | ```
 85 | 
 86 | ```yaml
 87 | # elastic-stack/charts/fluent-bit/values.yaml
 88 | # ...
 89 | # 약 45줄
 90 | backend:
 91 |   type: es    # 기존 forward
 92 |   # ...
 93 |   es:
 94 |     host: efk-elasticsearch-client   # 기존 elasticsearch -> host 변경
 95 | 
 96 | # ...
 97 | 
 98 | # 약 226줄
 99 | input:
100 |   tail:
101 |     memBufLimit: 5MB
102 |     parser: docker
103 |     path: /var/log/containers/*.log
104 |     ignore_older: ""
105 |   systemd:
106 |     enabled: true   # 기존 false
107 |     filters:
108 |       systemdUnit:
109 |         - docker.service
110 |         - k3.service    # 기존 kubelet.service
111 |         # - node-problem-detector.service  --> 주석처리
112 | ```
113 | 
114 | ```bash
115 | # kibana ingress 수정
116 | vim elastic-stack/charts/kibana/values.yaml
117 | ```
118 | 
119 | ```yaml
120 | # elastic-stack/charts/kibana/values.yaml
121 | # ...
122 | # 약 79줄 - kibana ingress 설정하기
123 | ingress:
124 |   enabled: true   # 기존 false
125 |   hosts:
126 |   - kibana.10.0.1.1.sslip.io   # 공인IP 입력
127 |   annotations:
128 |     kubernetes.io/ingress.class: nginx
129 | ```
130 | 
131 | ```bash
132 | helm install efk ./elastic-stack
133 | # NAME: efk
134 | # LAST DEPLOYED: Sat Jul 11 07:17:06 2020
135 | # NAMESPACE: default
136 | # STATUS: deployed
137 | # REVISION: 1
138 | # NOTES:
139 | # The elasticsearch cluster and associated extras have been installed.
140 | # Kibana can be accessed:
141 | # ...
142 | 
143 | # 모든 Pod가 다 실행되기까지 wait
144 | watch kubectl get pod,svc
145 | ```
146 | 
147 | index를 생성하는 방법은 다음과 같습니다.
148 | 
149 | 1. `Explore on my own` 클릭
150 | 2. 왼쪽 패널 `Discover` 클릭
151 | 3. Index pattern에 `kubernetes_cluster-*` 입력 > Next step
152 | 4. Time Filter field name에 `@timestamp` 선택 > Create index pattern
153 | 5. 다시 `Discover` 패널로 가면 `Pod`들의 로그들을 볼 수 있습니다.
154 | 
155 | ### Clean up
156 | 
157 | ```bash
158 | helm delete efk
159 | ```
160 | 
161 | ## 14.2 리소스 모니터링 시스템 구축
162 | 
163 | ### 14.2.2 컨테이너 메트릭 정보 수집 원리
164 | 
165 | ```bash
166 | docker run -d nginx
167 | # 4373b7e095215c23057b1dc4423527239e56a33dbd
168 | 
169 | docker stats 4373b7e095215c23057b1dc4423527239e56a33dbd
170 | # CONTAINER ID    NAME     CPU %     MEM USAGE / LIMIT     MEM    ...    
171 | # 4af9f73eb06f    dreamy   0.00%     3.227MiB / 7.773GiB   0.04%  ...
172 | 
173 | docker stop 4373b7e095215c23057b1dc4423527239e56a33dbd
174 | docker rm 4373b7e095215c23057b1dc4423527239e56a33dbd
175 | ```
176 | 
177 | ### 14.2.3 Prometheus & Grafana 구축
178 | 
179 | ```bash
180 | helm fetch --untar stable/prometheus-operator --version 8.16.1
181 | 
182 | vim prometheus-operator/values.yaml
183 | ```
184 | 
185 | ```yaml
186 | # 약 495줄 - grafana ingress 설정하기
187 | grafana:
188 |   ...
189 |   ingress:
190 |     enabled: true   # 기존 false
191 |     annotations:
192 |       kubernetes.io/ingress.class: nginx   # 추가
193 |     hosts:
194 |     - grafana.10.0.1.1.sslip.io            # 공인IP 입력
195 | ```
196 | 
197 | ```bash
198 | helm install mon ./prometheus-operator
199 | # manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
200 | # manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
201 | # manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
202 | # manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
203 | # manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
204 | # manifest_sorter.go:192: info: skipping unknown hook: "crd-install"
205 | # NAME: mon
206 | # LAST DEPLOYED: Thu Jul 16 08:44:38 2020
207 | # ...
208 | 
209 | watch kubectl get pod
210 | ```
211 | 
212 | 웹 브라우저를 통해 grafana를 접근합니다.
213 | 
214 | - `username`: admin
215 | - `password`: prom-operator
216 | 
217 | 좌측 상단의 `Home`을 누르면 다양한 대시보드가 생성된 것을 볼 수 있습니다.
218 | 
219 | ### Clean up
220 | 
221 | ```bash
222 | helm delete mon
223 | ```
224 | 


--------------------------------------------------------------------------------
/chapters/15/Dockerfile:
--------------------------------------------------------------------------------
1 | # Dockerfile
2 | FROM python:3.7
3 | 
4 | RUN pip install flask
5 | ADD app.py .
6 | 
7 | ENTRYPOINT ["python", "app.py"]


--------------------------------------------------------------------------------
/chapters/15/Jenkinsfile:
--------------------------------------------------------------------------------
 1 | # Jenkinsfile
 2 | pipeline {
 3 |     agent {
 4 |         kubernetes {
 5 |             yaml '''
 6 | apiVersion: v1
 7 | kind: Pod
 8 | spec:
 9 |   containers:
10 |   - name: git
11 |     image: alpine/git
12 |     tty: true 
13 |     command: ["cat"]
14 |     env:
15 |     - name: PROJECT_URL
16 |       value: https://github.com/bjpublic/core_kubernetes.git 
17 |   - name: docker
18 |     image: docker
19 |     tty: true 
20 |     command: ["cat"]
21 |     env:
22 |     - name: PROJECT_NAME
23 |       value: jenkins-pipeline-sample
24 |     volumeMounts:
25 |     - mountPath: /var/run/docker.sock
26 |       name: docker-socket
27 |   volumes:
28 |   - name: docker-socket
29 |     hostPath:
30 |       path: /var/run/docker.sock
31 | '''
32 |         }
33 |     }
34 |     stages {
35 |       stage('Checkout') {
36 |         steps {
37 |           container('git') {
38 |             // 소스코드 checkout  
39 |             sh "git clone \$PROJECT_URL"
40 |           }
41 |         }
42 |       } 
43 |       stage('Build') {
44 |         steps {
45 |           container('docker') {
46 |             // 도커 빌드
47 |             sh """
48 |             cd \$PROJECT_NAME/pipeline-sample
49 |             docker build -t \$PROJECT_NAME .
50 |             """
51 |           }
52 |         }
53 |       }
54 |       stage('Test') {
55 |         steps {
56 |           container('docker') {
57 |             // 이미지 테스트
58 |             sh "docker run --entrypoint /test \$PROJECT_NAME"
59 |           }
60 |         }
61 |       }
62 |       stage('Push') {
63 |         steps {
64 |           container('docker') {
65 |             // 도커헙 계정 정보 가져오기 
66 |             withCredentials([[$class: 'UsernamePasswordMultiBinding',
67 |               credentialsId: 'dockerhub',
68 |               usernameVariable: 'DOCKERHUB_USER',
69 |               passwordVariable: 'DOCKERHUB_PASSWORD']]) {
70 |               // 이미지 패키징 & 업로드
71 |               sh """
72 |                 docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD}
73 |                 docker tag \$PROJECT_NAME ${DOCKERHUB_USER}/\$PROJECT_NAME
74 |                 docker push ${DOCKERHUB_USER}/\$PROJECT_NAME
75 |               """
76 |             }
77 |           }
78 |         }
79 |       }
80 |     }
81 | }


--------------------------------------------------------------------------------
/chapters/15/README.md:
--------------------------------------------------------------------------------
  1 | # 15. CI/CD
  2 | 
  3 | ## 15.2 CI 파이프라인
  4 | 
  5 | ### 15.2.1 Jenkins
  6 | 
  7 | ```bash
  8 | # 먼저 jenkins chart를 다운 받습니다.
  9 | helm fetch --untar stable/jenkins --version 2.3.0
 10 | 
 11 | vim jenkins/values.yaml
 12 | ```
 13 | 
 14 | ```yaml
 15 | # jenkins/values.yaml 수정
 16 | # 약 375번째 line, ingress 설정
 17 |   ingress:
 18 |     enable: true   # 기존 false
 19 |     ...
 20 |     annotations:
 21 |       kubernetes.io/ingress.class: nginx   # 추가
 22 |         
 23 |     hostName: jenkins.10.0.1.1.sslip.io    # 공인IP 입력
 24 | ```
 25 | 
 26 | ```bash
 27 | # jenkins 설치
 28 | helm install jenkins ./jenkins
 29 | 
 30 | # NAME: jenkins
 31 | # LAST DEPLOYED: Sat Mar 14 00:16:01 2020
 32 | # NAMESPACE: default
 33 | # STATUS: deployed
 34 | # REVISION: 1
 35 | # NOTES:
 36 | # 1. Get your 'admin' user password by running:
 37 | #   printf $(kubectl get secret --namespace default jenkins -o 
 38 | # jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo
 39 | # 
 40 | # 2. Visit http://jenkins.10.0.0.1.sslip.io
 41 | # 
 42 | # 3. Login with the password from step 1 and the username: admin
 43 | ```
 44 | 
 45 | ```bash
 46 | watch kubectl get pod
 47 | # NAME                        READY   STATUS      RESTARTS   AGE
 48 | # jenkins-68d5bcc94b-r99kz    0/1     Init:0/1    0          13s
 49 | 
 50 | kubectl wait --for condition=Ready pod jenkins-68d5bcc94b-r99kz
 51 | # pod/jenkins-68d5bcc94b-r99kz condition met
 52 | ```
 53 | 
 54 | - 아이디: `admin`
 55 | - 비밀번호: 아래 명령을 통해 확인
 56 | 
 57 | ```bash
 58 | printf $(kubectl get secret --namespace default jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo
 59 | # 1Ctidon3hh
 60 | ```
 61 | 
 62 | 1. `New item` > `Free style project` > `Enter an item name`: `myfirstjob` > OK
 63 | 2. `Build` > `Add build step` > `Execute shell`
 64 | 3. `Command` > `echo "hello world!"` 입력 > `Save`
 65 | 4. `Build Now` > `#1` > `Console Output`
 66 | 
 67 | ```bash
 68 | watch kubectl get pod
 69 | # NAME                       READY   STATUS              RESTARTS   AGE
 70 | # jenkins-68d5bcc94b-r99kz   1/1     Running             0          49m
 71 | # default-rrl40              0/1     ContainerCreating   0          15s
 72 | ```
 73 | 
 74 | ### 15.2.2 CI 파이프라인
 75 | 
 76 | ```bash
 77 | # checkout
 78 | git clone $PROJECT
 79 | git checkout $BRANCH
 80 | 
 81 | # build
 82 | docker build . -t $USERNAME/$PROJECT
 83 | 
 84 | # test
 85 | docker run --entrypoint /test $USERNAME/$PROJECT
 86 | 
 87 | # push
 88 | docker login --username $USERNAME --password $PASSWORD
 89 | docker push $USERNAME/$PROJECT
 90 | ```
 91 | 
 92 | ### 15.2.3 도커 안에 도커
 93 | 
 94 | 도커 in 도커에 대한 더 자세한 내용은 다음 글을 참고해 보시기 바랍니다.
 95 | 
 96 | [https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci](https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci)
 97 | 
 98 | ```bash
 99 | # docker 라는 이미지를 실행하면서 도커 소켓을 볼륨으로 연결해 줍니다.
100 | docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock docker
101 | # Unable to find image 'docker:latest' locally 
102 | # ...
103 | 
104 | # 컨테이너 내부에서 host 도커의 프로세스를 확인할 수 있습니다.
105 | $root@43bf40690fa9:/# docker ps
106 | # CONTAINER ID   IMAGE               COMMAND         CREATED         ... 
107 | # 43bf40690fa9   docker              "docker-en..."  13 seconds ago  ... 
108 | # e773f2075df4   rancher/pause:3.1   "/pause"        5 hours ago     ...
109 | # ...
110 | 
111 | $root@43bf40690fa9:/# exit
112 | ```
113 | 
114 | ### 15.2.4 Jenkins Pipeline
115 | 
116 | 다음과 같이 진행합니다.
117 | 
118 | 1. `Jenkins` > `Manage Jenkins` > `Manage Credentials` > `Jenkins` > `Global credentials` > `Add Credentials`
119 |     - `Scope`: Global
120 |     - `Kind`: Username with password
121 |     - `ID`: dockerhub
122 |     - `Username`: 도커허브 아이디
123 |     - `Password`: 도커허브 비밀번호
124 | 2. `Jenkins` > `New Item` > `Pipeline` > `Enter Name`: `myfirstpipeline` > `Pipeline` > `OK`
125 | 3. `Pipeline Definition: Pipeline script` > 다음 `Jenkinsfile` 스크립트 삽입
126 | 4. `Jenkins` > `myfirstpipeline` > `Build Now`
127 | 
128 | ```groovy
129 | # Jenkinsfile
130 | pipeline {
131 |     agent {
132 |         kubernetes {
133 |             yaml '''
134 | apiVersion: v1
135 | kind: Pod
136 | spec:
137 |   containers:
138 |   - name: git
139 |     image: alpine/git
140 |     tty: true 
141 |     command: ["cat"]
142 |     env:
143 |     - name: PROJECT_URL
144 |       value: https://github.com/bjpublic/core_kubernetes.git 
145 |   - name: docker
146 |     image: docker
147 |     tty: true 
148 |     command: ["cat"]
149 |     env:
150 |     - name: PROJECT_NAME
151 |       value: core_kubernetes
152 |     volumeMounts:
153 |     - mountPath: /var/run/docker.sock
154 |       name: docker-socket
155 |   volumes:
156 |   - name: docker-socket
157 |     hostPath:
158 |       path: /var/run/docker.sock
159 | '''
160 |         }
161 |     }
162 |     stages {
163 |       stage('Checkout') {
164 |         steps {
165 |           container('git') {
166 |             // 소스코드 checkout  
167 |             sh "git clone \$PROJECT_URL"
168 |           }
169 |         }
170 |       } 
171 |       stage('Build') {
172 |         steps {
173 |           container('docker') {
174 |             // 도커 빌드
175 |             sh """
176 |             cd \$PROJECT_NAME/pipeline-sample
177 |             docker build -t \$PROJECT_NAME .
178 |             """
179 |           }
180 |         }
181 |       }
182 |       stage('Test') {
183 |         steps {
184 |           container('docker') {
185 |             // 이미지 테스트
186 |             sh "docker run --entrypoint /test \$PROJECT_NAME"
187 |           }
188 |         }
189 |       }
190 |       stage('Push') {
191 |         steps {
192 |           container('docker') {
193 |             // 도커헙 계정 정보 가져오기 
194 |             withCredentials([[$class: 'UsernamePasswordMultiBinding',
195 |               credentialsId: 'dockerhub',
196 |               usernameVariable: 'DOCKERHUB_USER',
197 |               passwordVariable: 'DOCKERHUB_PASSWORD']]) {
198 |               // 이미지 패키징 & 업로드
199 |               sh """
200 |                 docker login -u ${DOCKERHUB_USER} -p ${DOCKERHUB_PASSWORD}
201 |                 docker tag \$PROJECT_NAME ${DOCKERHUB_USER}/\$PROJECT_NAME
202 |                 docker push ${DOCKERHUB_USER}/\$PROJECT_NAME
203 |               """
204 |             }
205 |           }
206 |         }
207 |       }
208 |     }
209 | }
210 | ```
211 | 
212 | ### Clean up
213 | 
214 | ```bash
215 | helm delete jenkins
216 | ```
217 | 
218 | ## 15.3 GitOps를 이용한 CD
219 | 
220 | ### 15.3.4 FluxCD
221 | 
222 | FluxCD 홈페이지: [https://fluxcd.io](https://fluxcd.io/)
223 | 
224 | ```bash
225 | # fluxcd repo 추가
226 | helm repo add fluxcd https://charts.fluxcd.io
227 | # "fluxcd" has been added to your repositories
228 | 
229 | helm repo update
230 | # ...Successfully got an update from the "fluxcd" chart repository 
231 | 
232 | # crd 생성
233 | kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
234 | # customresourcedefinition.apiextensions.k8s.io/helmreleases.helm.fluxcd.io created
235 | 
236 | # 네임스페이스 생성
237 | kubectl create ns flux
238 | # namespace/flux created
239 | ```
240 | 
241 | 
242 | - deployment.yaml
243 | - service.yaml
244 | 
245 | ```yaml
246 | # deployment.yaml
247 | apiVersion: apps/v1
248 | kind: Deployment
249 | metadata:
250 |   name: mynginx
251 | spec:
252 |   replicas: 1
253 |   selector:
254 |     matchLabels:
255 |       run: mynginx
256 |   template:
257 |     metadata:
258 |       labels:
259 |         run: mynginx
260 |     spec:
261 |       containers:
262 |       - image: nginx
263 |         name: mynginx
264 |         ports:
265 |         - containerPort: 80
266 | ---
267 | # service.yaml
268 | apiVersion: v1
269 | kind: Service
270 | metadata:
271 |   name: mynginx
272 | spec:
273 |   ports:
274 |   - port: 80
275 |     protocol: TCP
276 |     targetPort: 80
277 |   selector:
278 |     run: mynginx
279 | ```
280 | 
281 | ```bash
282 | helm install get-started fluxcd/flux \
283 |    --version 1.4.0 \
284 |    --set git.url=https://github.com/hongkunyoo/gitops-get-started.git \
285 |    --set git.readonly=true \
286 |    --set git.path=gitops \
287 |    --namespace flux
288 | # Release "get-started" has been upgraded. Happy Helming!
289 | # NAME: get-started
290 | # LAST DEPLOYED: Thu Jun 11 15:26:37 2020
291 | # NAMESPACE: flux
292 | # STATUS: deployed
293 | # ...
294 | ```
295 | 
296 | ```bash
297 | # pod 생성 확인
298 | kubectl get pod
299 | # NAME                     READY   STATUS    RESTARTS   AGE
300 | # mynginx-d5d4f5fbd-hrffl  1/1     Running   0          20s
301 | 
302 | # service 생성 확인
303 | kubectl get svc
304 | # NAME     TYPE       CLUSTER-IP      EXTERNAL-IP    PORT(S)     AGE
305 | # mynginx  ClusterIP  10.43.207.142   <none>         80/TCP      20s
306 | ```
307 | 
308 | ```bash
309 | helm delete get-started -nflux
310 | kubectl delete deploy mynginx
311 | kubectl delete svc mynginx
312 | ```
313 | 
314 | ### 15.3.5 ArgoCD
315 | 
316 | #### ArgoCD 설치
317 | 
318 | ```bash
319 | kubectl create namespace argocd
320 | # namespace/argocd created
321 | 
322 | kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
323 | # customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
324 | # customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
325 | # serviceaccount/argocd-application-controller created
326 | # serviceaccount/argocd-dex-server created
327 | # ...
328 | ```
329 | 
330 | ```yaml
331 | # argocd-ingress.yaml
332 | apiVersion: networking.k8s.io/v1beta1
333 | kind: Ingress
334 | metadata:
335 |   name: argocd
336 |   namespace: argocd
337 |   annotations:
338 |     cert-manager.io/cluster-issuer: http-issuer
339 |     kubernetes.io/ingress.class: nginx
340 |     kubernetes.io/tls-acme: "true"
341 |     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
342 |     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
343 | spec:
344 |   rules:
345 |   - host: argocd.10.0.1.1.sslip.io
346 |     http:
347 |       paths:
348 |       - path: /
349 |         backend:
350 |           serviceName: argocd-server
351 |           servicePort: https
352 |   tls:
353 |   - hosts:
354 |     - argocd.10.0.1.1.sslip.io
355 |     secretName: argocd-tls
356 | ```
357 | 
358 | ```bash
359 | kubectl apply -f argocd-ingress.yaml
360 | # ingress.networking.k8s.io/argocd created
361 | ```
362 | 
363 | - 아이디: admin
364 | - 비밀번호: 다음 명령를 이용하여 비밀번호를 확인합니다.
365 | 
366 | ```bash
367 | kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server \
368 |     -o name | cut -d'/' -f 2
369 | # argocd-server-6766455855-pzdrv    --> 비밀번호
370 | ```
371 | 
372 | #### ArgoCD 배포
373 | 
374 | - `Application Name`: gitops-get-started
375 | - `Project`: default
376 | - `Sync Policy`: Manual
377 | - `Repository URL`: `https://github.com/bjpublic/core_kubernetes.git`
378 | - `Revision`: HEAD
379 | - `Path`: gitops
380 | - `Cluster`: in-cluster
381 | - `Namespace`: default
382 | - `Directory Recurse`: Unchecked
383 | 
384 | ### Clean up
385 | 
386 | ```bash
387 | kubectl delete -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
388 | kubectl delete ingress argocd -n argocd
389 | kubectl delete deploy mynginx
390 | kubectl delete svc mynginx
391 | ```
392 | 
393 | ## 15.4 로컬 쿠버네티스 개발
394 | 
395 | #### skaffold 설치
396 | 
397 | ```bash
398 | curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64
399 | sudo install skaffold /usr/local/bin/
400 | ```
401 | 
402 | ### 15.4.2 skaffold 세팅
403 | 
404 | ```python
405 | # app.py
406 | from flask import Flask
407 | app = Flask(__name__)
408 | 
409 | 
410 | @app.route('/')
411 | def hello():
412 |     return "Hello World!"
413 | 
414 | if __name__ == '__main__':
415 |     app.run()
416 | ```
417 | 
418 | ```Dockerfile
419 | # Dockerfile
420 | FROM python:3.7
421 | 
422 | RUN pip install flask
423 | ADD app.py .
424 | 
425 | ENTRYPOINT ["python", "app.py"]
426 | ```
427 | 
428 | ```yaml
429 | # pod.yaml
430 | apiVersion: v1
431 | kind: Pod
432 | metadata:
433 |   name: skaffold-flask
434 | spec:
435 |   containers:
436 |   - image: <USERNAME>/flask   # 각 사용자 docker hub 계정을 입력합니다.
437 |     name: flask
438 | ```
439 | 
440 | ```bash
441 | ls
442 | # app.py    Dockerfile    pod.yaml
443 | ```
444 | 
445 | ```bash
446 | skaffold init
447 | # apiVersion: skaffold/v2beta5
448 | # kind: Config
449 | # metadata:
450 | #   name: some-directory
451 | # build:
452 | #   artifacts:
453 | #   - image: <USERNAME>/flask
454 | # deploy:
455 | #   kubectl:
456 | #     manifests:
457 | #     - pod.yaml
458 | # 
459 | # Do you want to write this configuration to skaffold.yaml? [y/n]: y
460 | # Configuration skaffold.yaml was written
461 | 
462 | ls 
463 | # app.py    Dockerfile    pod.yaml    skaffold.yaml
464 | ```
465 | 
466 | ```bash
467 | docker login
468 | # Login with your Docker ID to push and pull images from Docker Hub. ..
469 | # Username: <USERNAME>
470 | # Password:
471 | # WARNING! Your password will be stored unencrypted in ...
472 | # Configure a credential helper to remove this warning. See
473 | # https://docs.docker.com/engine/reference/commandline/...
474 | # 
475 | # Login Succeeded
476 | ```
477 | 
478 | ### 15.4.3 skaffold를 이용한 배포
479 | 
480 | ```bash
481 | skaffold run
482 | # Generating tags...
483 | #  - <USERNAME>/flask -> <USERNAME>/flask:latest
484 | # Some taggers failed. Rerun with -vdebug for errors.
485 | # ...
486 | ```
487 | 
488 | ```bash
489 | kubectl get pod
490 | # NAME             READY   STATUS              RESTARTS   AGE
491 | # skaffold-flask   0/1     ContainerCreating   0          2m21s
492 | ```
493 | 
494 | ```bash
495 | # 기존 pod 삭제
496 | kubectl delete pod skaffold-flask
497 | # pod "skaffold-flask" deleted
498 | 
499 | skaffold run --tail
500 | # ...
501 | # Press Ctrl+C to exit
502 | # [skaffold-flask flask] starting app
503 | # [skaffold-flask flask]  * Serving Flask app "app" (lazy loading)
504 | # [skaffold-flask flask]  * Environment: production
505 | # [skaffold-flask flask]    WARNING: This is a development server. Do not 
506 | #                                  use it in a production deployment.
507 | # [skaffold-flask flask]    Use a production WSGI server instead.
508 | # [skaffold-flask flask]  * Debug mode: off
509 | # [skaffold-flask flask]  * Running on http://127.0.0.1:5000/ 
510 | #                                  (Press CTRL+C to quit)
511 | ```
512 | 
513 | ```bash
514 | # 기존 pod 삭제
515 | kubectl delete pod skaffold-flask
516 | # pod "skaffold-flask" deleted
517 | 
518 | skaffold dev
519 | ```
520 | 
521 | ```python
522 | from flask import Flask
523 | app = Flask(__name__)
524 | 
525 | 
526 | @app.route('/')
527 | def hello():
528 |     return "Hello World!2"
529 | 
530 | if __name__ == '__main__':
531 |     print('start app')     # print문 추가 후 저장
532 |     app.run()
533 | ```
534 | 
535 | ```bash
536 | skaffold dev
537 | # ...
538 | # Press Ctrl+C to exit
539 | # [skaffold-flask flask] starting app
540 | # [skaffold-flask flask]  * Serving Flask app "app" (lazy loading)
541 | # [skaffold-flask flask]  * Environment: production
542 | # [skaffold-flask flask]    WARNING: This is a development server. Do not 
543 | #                                  use it in a production deployment.
544 | # [skaffold-flask flask]    Use a production WSGI server instead.
545 | # [skaffold-flask flask]  * Debug mode: off
546 | # [skaffold-flask flask]  * Running on http://127.0.0.1:5000/ 
547 | #                                  (Press CTRL+C to quit)
548 | ```
549 | 


--------------------------------------------------------------------------------
/chapters/15/app.py:
--------------------------------------------------------------------------------
 1 | # app.py
 2 | from flask import Flask
 3 | app = Flask(__name__)
 4 | 
 5 | 
 6 | @app.route('/')
 7 | def hello():
 8 |     return "Hello World!"
 9 | 
10 | if __name__ == '__main__':
11 |     app.run()


--------------------------------------------------------------------------------
/chapters/15/argocd-ingress.yaml:
--------------------------------------------------------------------------------
 1 | # argocd-ingress.yaml
 2 | apiVersion: networking.k8s.io/v1beta1
 3 | kind: Ingress
 4 | metadata:
 5 |   name: argocd
 6 |   namespace: argocd
 7 |   annotations:
 8 |     cert-manager.io/cluster-issuer: http-issuer
 9 |     kubernetes.io/ingress.class: nginx
10 |     kubernetes.io/tls-acme: "true"
11 |     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
12 |     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
13 | spec:
14 |   rules:
15 |   - host: argocd.10.0.1.1.sslip.io
16 |     http:
17 |       paths:
18 |       - path: /
19 |         backend:
20 |           serviceName: argocd-server
21 |           servicePort: https
22 |   tls:
23 |   - hosts:
24 |     - argocd.10.0.1.1.sslip.io
25 |     secretName: argocd-tls


--------------------------------------------------------------------------------
/chapters/15/pod.yaml:
--------------------------------------------------------------------------------
1 | # pod.yaml
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 |   name: skaffold-flask
6 | spec:
7 |   containers:
8 |   - image: <USERNAME>/flask   # 각 사용자 docker hub 계정을 입력합니다.
9 |     name: flask


--------------------------------------------------------------------------------
/chapters/16/README.md:
--------------------------------------------------------------------------------
  1 | # 16. 사용자 정의 리소스
  2 | 
  3 | ## 16.1 사용자 정의 리소스란
  4 | 
  5 | ### 16.1.1 Custom Resource
  6 | 
  7 | ```yaml
  8 | # mypod-crd.yaml
  9 | apiVersion: apiextensions.k8s.io/v1beta1
 10 | kind: CustomResourceDefinition
 11 | metadata:
 12 |   name: mypods.crd.example.com
 13 | spec:
 14 |   group: crd.example.com
 15 |   version: v1
 16 |   scope: Namespaced
 17 |   names:
 18 |     plural: mypods   # 복수 이름
 19 |     singular: mypod  # 단수 이름
 20 |     kind: MyPod      # Kind 이름
 21 |     shortNames:      # 축약 이름
 22 |     - mp
 23 | ```
 24 | 
 25 | ```bash
 26 | # crd 생성
 27 | kubectl apply -f mypod-crd.yaml
 28 | # customresourcedefinition.apiextensions.k8s.io/mypods.crd.example.com created
 29 | 
 30 | # crd 리소스 확인
 31 | kubectl get crd | grep mypods
 32 | # NAME                     CREATED AT          
 33 | # mypods.crd.example.com   2020-06-14T09:33:32Z          
 34 | ```
 35 | 
 36 | ```bash
 37 | # MyPod 리소스 생성
 38 | cat << EOF | kubectl apply -f -
 39 | apiVersion: "crd.example.com/v1"
 40 | kind: MyPod
 41 | metadata:
 42 |   name: mypod-test
 43 | spec:
 44 |   uri: "any uri"
 45 |   customCommand: "custom command"
 46 |   image: nginx
 47 | EOF
 48 | # mypod.crd.example.com/mypod-test created
 49 | 
 50 | kubectl get mypod
 51 | # NAME         AGE
 52 | # mypod-test   3s
 53 | 
 54 | # 축약형인, mp로도 조회가 가능합니다.
 55 | kubectl get mp
 56 | # NAME         AGE
 57 | # mypod-test   3s
 58 | 
 59 | # MyPod의 상세 정보를 조회합니다.
 60 | kubectl get mypod mypod-test -oyaml
 61 | # apiVersion: crd.example.com/v1
 62 | # kind: MyPod
 63 | # metadata:
 64 | #   ...
 65 | #   name: mypod-test
 66 | #   namespace: default
 67 | #   resourceVersion: "723476"
 68 | #   selfLink: /apis/crd.example.com/v1/namespaces/default/mypods/mypod-test
 69 | #   uid: 50dd0cc8-0c1a-4f43-854b-a9c212e2046d
 70 | # spec:
 71 | #   customCommand: custom command
 72 | #   image: nginx
 73 | #   uri: any uri
 74 | 
 75 | # MyPod를 삭제합니다.
 76 | kubectl delete mp mypod-test
 77 | # mypod.crd.example.com "mypod-test" deleted
 78 | ```
 79 | 
 80 | ### 16.1.2 Custom Controller
 81 | 
 82 | ```bash
 83 | # MyPod 정의
 84 | struct MyPod {
 85 |   Uri string
 86 |   CustomCommand string
 87 | 	...
 88 | }
 89 | 
 90 | 
 91 | def main {
 92 | 	# 무한루프
 93 |     for {
 94 |     	# 신규 이벤트
 95 |         desired := apiServer.getDesiredState(MyPod)
 96 |         # 기존 이벤트
 97 |         current := apiServer.getCurrentState(MyPod)
 98 |         
 99 |         # 변경점 발생시(수정,생성,삭제), 특정 동작 수행
100 |         if desired != current {
101 |             makeChanges(desired, current)	
102 |         }
103 |     }
104 | }
105 | ```
106 | 
107 | ## 16.2 Operator 패턴
108 | 
109 | ### 16.2.1 Operator tools
110 | 
111 | Operator를 쿠버네티스 API를 이용하여 처음부터 개발하는 것도 가능하지만 Operator를 편리하게 만들 수 있게 제공하는 툴들이 이미 존재합니다.
112 | 
113 | - `kubebuilder`: [https://book.kubebuilder.io](https://book.kubebuilder.io)
114 | - `Operator Framework`: [https://coreos.com/operators](https://coreos.com/operators)
115 | - `Metacontroller`: [https://metacontroller.app](https://metacontroller.app)
116 | - `KUDO`: [https://kudo.dev](https://kudo.dev/)
117 | 
118 | ## 16.3 유용한 Operators
119 | 
120 | ### 16.3.1 MinIO Operator
121 | 
122 | #### MinIO CRD 및 Controller 설치
123 | 
124 | ```bash
125 | # crd 및 custom controller 생성
126 | kubectl apply -f https://raw.githubusercontent.com/minio/operator/2.0.9/minio-operator.yaml
127 | # customresourcedefinition.apiextensions.k8s.io/minioinstances.operator.min.io created
128 | # clusterrole.rbac.authorization.k8s.io/minio-operator-role created
129 | # serviceaccount/minio-operator created
130 | # clusterrolebinding.rbac.authorization.k8s.io/minio-operator-binding created
131 | # deployment.apps/minio-operator created
132 | 
133 | # minio operator 실행 확인
134 | kubectl get pod
135 | # NAME                     READY   STATUS    RESTARTS  AGE
136 | # minio-operator-84b88xx   1/1     Running   0         3m59s
137 | ```
138 | 
139 | #### MinIO CRD instance 생성
140 | 
141 | ```yaml
142 | # minio-instance.yaml
143 | 
144 | # minio에서 사용할 access 정보
145 | apiVersion: v1
146 | kind: Secret
147 | metadata:
148 |   name: minio-creds-secret
149 | type: Opaque
150 | data:
151 |   accesskey: bWluaW8=      # minio
152 |   secretkey: bWluaW8xMjM=  # minio123
153 | ---
154 | # MinIO Service 리소스
155 | apiVersion: v1
156 | kind: Service
157 | metadata:
158 |   name: minio-service
159 | spec:
160 |   type: ClusterIP
161 |   ports:
162 |     - port: 9000
163 |       targetPort: 9000
164 |       protocol: TCP
165 |   selector:
166 |     app: minio-dev
167 | ---
168 | # MinIO 사용자 정의 리소스
169 | apiVersion: operator.min.io/v1
170 | kind: MinIOInstance
171 | metadata:
172 |   name: minio-dev
173 | spec:
174 |   metadata:
175 |     labels:
176 |       app: minio-dev
177 |     annotations:
178 |       prometheus.io/path: /minio/prometheus/metrics
179 |       prometheus.io/port: "9000"
180 |       prometheus.io/scrape: "true"
181 |   image: minio/minio:RELEASE.2020-06-03T22-13-49Z
182 |   serviceName: minio-internal-service
183 |   zones:
184 |     - name: "zone-0"
185 |       servers: 1
186 |   volumesPerServer: 1
187 |   mountPath: /export
188 |   volumeClaimTemplate:
189 |     metadata:
190 |       name: data
191 |     spec:
192 |       accessModes:
193 |         - ReadWriteOnce
194 |       resources:
195 |         requests:
196 |           storage: 1Gi
197 |   credsSecret:
198 |     name: minio-creds-secret
199 |   podManagementPolicy: Parallel
200 |   requestAutoCert: false
201 |   certConfig:
202 |     commonName: ""
203 |     organizationName: []
204 |     dnsNames: []
205 |   liveness:
206 |     initialDelaySeconds: 120
207 |     periodSeconds: 60
208 |   readiness:
209 |     initialDelaySeconds: 120
210 |     periodSeconds: 60
211 | ```
212 | 
213 | ```bash
214 | kubectl apply -f minio-instance.yaml
215 | # secret/minio-creds-secret created
216 | # service/minio-service created
217 | # minioinstance.operator.min.io/minio-dev created
218 | 
219 | # MinIOInstance 리소스를 조회합니다.
220 | kubectl get MinIOInstance
221 | # NAME        CURRENT STATE
222 | # minio-dev   Ready
223 | 
224 | # Pod가 ready 될 때까지 시간이 조금 걸립니다.
225 | kubectl get pod
226 | # NAME                    READY   STATUS    RESTARTS   AGE
227 | # minio-operator-848xxx   1/1     Running   0          30s
228 | # minio-dev-0             1/1     Running   0          12s
229 | 
230 | kubectl get svc
231 | # NAME                    TYPE        CLUSTER-IP      ...   PORT(S)    AGE
232 | # kubernetes              ClusterIP   10.43.0.1       ...   443/TCP    10h
233 | # minio-service           ClusterIP   10.43.146.111   ...   9000/TCP   23s
234 | # minio-internal-service  ClusterIP   10.43.112.37    ...   9000/TCP   21s
235 | # minio-dev-hl-svc        ClusterIP   None            ...   9000/TCP   19s
236 | ```
237 | 
238 | ```bash
239 | # minio instance 삭제
240 | kubectl delete -f minio-instance.yaml
241 | # minio operator 삭제
242 | kubectl delete -f https://raw.githubusercontent.com/minio/operator/2.0.9/minio-operator.yaml
243 | ```
244 | 
245 | ### 16.3.2 Prometheus-Operator
246 | 
247 | ```bash
248 | helm install mon stable/prometheus-operator --version 8.16.1
249 | 
250 | # prometheus라는 사용자 정의 리소스 확인
251 | kubectl get prometheuses
252 | # NAME                                VERSION   REPLICAS   AGE
253 | # mon-prometheus-operator-prometheus  v2.18.1   1          17s
254 | 
255 | # Prometheus 사용자 정의 리소스
256 | kubectl get prometheuses mon-prometheus-operator-prometheus -oyaml
257 | # apiVersion: monitoring.coreos.com/v1
258 | # kind: Prometheus
259 | # metadata:
260 | #   annotations:
261 | #     meta.helm.sh/release-name: mon
262 | #     meta.helm.sh/release-namespace: default
263 | #   generation: 1
264 | #   labels:
265 | #     app: prometheus-operator-prometheus
266 | #     app.kubernetes.io/managed-by: Helm
267 | #     chart: prometheus-operator-8.14.0
268 | #     heritage: Helm
269 | #   ....
270 | 
271 | helm delete mon
272 | ```
273 | 
274 | ### 16.3.3 Helm Operator
275 | 
276 | ```yaml
277 | # myHelmRelease.yaml
278 | apiVersion: helm.fluxcd.io/v1
279 | kind: HelmRelease
280 | metadata:
281 |   name: rabbit
282 |   namespace: default
283 | spec:
284 |   releaseName: rabbitmq
285 |   chart:
286 |     repository: https://kubernetes-charts.storage.googleapis.com/
287 |     name: rabbitmq
288 |     version: 3.3.6
289 |   values:
290 |     replicas: 1
291 | ```
292 | 
293 | #### Helm Operator 설치
294 | 
295 | ```bash
296 | # CustomResourceDefinition 설정
297 | kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/1.0.1/deploy/crds.yaml
298 | # customresourcedefinition.apiextensions.k8s.io/helmreleases.helm.fluxcd.io created  
299 | 
300 | # helm repo 등록
301 | helm repo add fluxcd https://charts.fluxcd.io
302 | # "fluxcd" has been added to your repositories  
303 | 
304 | # helm-operator 설치
305 | helm install helm-operator fluxcd/helm-operator \
306 |     --namespace flux \
307 |     --version 1.1.0 \
308 |     --set helm.versions=v3
309 | # Release "helm-operator" does not exist. Installing it now.
310 | # NAME: helm-operator
311 | # LAST DEPLOYED: Sun Jul 12 05:43:14 2020
312 | # NAMESPACE: flux
313 | # STATUS: deployed
314 | # REVISION: 1
315 | # TEST SUITE: None
316 | # NOTES:
317 | # ...
318 | 
319 | # 설치 확인
320 | kubectl get pod -nflux
321 | # NAME               READY   STATUS    RESTARTS
322 | # helm-operator-xxx  1/1     Running   0     
323 | ```
324 | 
325 | #### HelmRelease를 이용한 chart 설치
326 | 
327 | ```yaml
328 | # jenkins.yaml
329 | apiVersion: helm.fluxcd.io/v1
330 | kind: HelmRelease
331 | metadata:
332 |   name: jenkins
333 |   namespace: default
334 | spec:
335 |   releaseName: jenkins
336 |   chart:
337 |     repository: https://kubernetes-charts.storage.googleapis.com
338 |     name: jenkins
339 |     version: 2.3.0
340 |   values:
341 |     master:
342 |       adminUser: "jenkins"
343 |       resources:
344 |         limits:
345 |           cpu: "500m"
346 |           memory: "512Mi"
347 |       serviceType: LoadBalancer
348 |       servicePort: 8080
349 | ```
350 | 
351 | ```bash
352 | helm fetch --untar stable/jenkins --version 2.3.0
353 | 
354 | # jenkins chart의 values.yaml과 비교해 보시기 바랍니다.
355 | vim jenkins/values.yaml
356 | ```
357 | 
358 | ```bash
359 | # helm install jenkins stable/jenkins
360 | kubectl apply -f jenkins.yaml
361 | # helmrelease.helm.fluxcd.io/jenkins created 
362 | 
363 | # helm list
364 | kubectl get helmrelease  # 축약이름 hr
365 | # NAME      RELEASE   PHASE       STATUS   MESSAGE           AGE
366 | # jenkins             Succeeded            Release was ...   15s
367 | 
368 | # 상세 리소스 조회
369 | kubectl get hr jenkins -oyaml
370 | 
371 | # Describe resource
372 | kubectl describe hr jenkins
373 | ```
374 | 
375 | ```bash
376 | helm list
377 | # NAME     NAMESPACE   REVISION   STATUS     CHART           APP VERSION
378 | # jenkins  default     1          deployed   jenkins-1.15.0  lts
379 | 
380 | helm status jenkins
381 | # NAME: jenkins
382 | # ...
383 | # REVISION: 1
384 | # NOTES:
385 | # 1. Get your 'admin' user password by running:
386 | #   printf $(kubectl get secret --namespace default jenkins -o 
387 | #    jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo
388 | # 2. Get the Jenkins URL to visit by running these commands in the same
389 | # ...
390 | ```
391 | 
392 | ```bash
393 | kubectl get pod
394 | # NAME                      READY   STATUS    RESTARTS   AGE
395 | # svclb-jenkins-jb5j9       1/1     Running   0          4m37s
396 | # svclb-jenkins-qbvrm       1/1     Running   0          4m37s
397 | # jenkins-7c55757f9c-758lv  2/2     Running   0          5m9s
398 | 
399 | kubectl get svc
400 | # NAME           TYPE          CLUSTER-IP    EXTERNAL-IP    PORT(S)         
401 | # kubernetes     ClusterIP     10.43.0.1     <none>         443/TCP         
402 | # jenkins-agent  ClusterIP     10.43.51.30   <none>         50000/TCP       
403 | # jenkins        LoadBalancer  10.43.94.188  172.31.17.208  8080:32487/TCP  
404 | ```
405 | 
406 | ### Clean up
407 | 
408 | ```bash
409 | # helm instance 삭제
410 | kubectl delete -f jenkins.yaml
411 | 
412 | # helm operator 삭제
413 | helm delete helm-operator -n flux
414 | ```
415 | 


--------------------------------------------------------------------------------
/chapters/16/jenkins.yaml:
--------------------------------------------------------------------------------
 1 | # jenkins.yaml
 2 | apiVersion: helm.fluxcd.io/v1
 3 | kind: HelmRelease
 4 | metadata:
 5 |   name: jenkins
 6 |   namespace: default
 7 | spec:
 8 |   releaseName: jenkins
 9 |   chart:
10 |     repository: https://kubernetes-charts.storage.googleapis.com
11 |     name: jenkins
12 |     version: 2.3.0
13 |   values:
14 |     master:
15 |       adminUser: "jenkins"
16 |       resources:
17 |         limits:
18 |           cpu: "500m"
19 |           memory: "512Mi"
20 |       serviceType: LoadBalancer
21 |       servicePort: 8080


--------------------------------------------------------------------------------
/chapters/16/minio-instance.yaml:
--------------------------------------------------------------------------------
 1 | # minio-instance.yaml
 2 | apiVersion: v1
 3 | kind: Secret
 4 | metadata:
 5 |   name: minio-creds-secret
 6 | type: Opaque
 7 | data:
 8 |   accesskey: bWluaW8=      # minio
 9 |   secretkey: bWluaW8xMjM=  # minio123
10 | ---
11 | # MinIO Service 리소스
12 | apiVersion: v1
13 | kind: Service
14 | metadata:
15 |   name: minio-service
16 | spec:
17 |   type: ClusterIP
18 |   ports:
19 |     - port: 9000
20 |       targetPort: 9000
21 |       protocol: TCP
22 |   selector:
23 |     app: minio-dev
24 | ---
25 | # MinIO 사용자 정의 리소스
26 | apiVersion: operator.min.io/v1
27 | kind: MinIOInstance
28 | metadata:
29 |   name: minio-dev
30 | spec:
31 |   metadata:
32 |     labels:
33 |       app: minio-dev
34 |     annotations:
35 |       prometheus.io/path: /minio/prometheus/metrics
36 |       prometheus.io/port: "9000"
37 |       prometheus.io/scrape: "true"
38 |   image: minio/minio:RELEASE.2020-06-03T22-13-49Z
39 |   serviceName: minio-internal-service
40 |   zones:
41 |     - name: "zone-0"
42 |       servers: 1
43 |   volumesPerServer: 1
44 |   mountPath: /export
45 |   volumeClaimTemplate:
46 |     metadata:
47 |       name: data
48 |     spec:
49 |       accessModes:
50 |         - ReadWriteOnce
51 |       resources:
52 |         requests:
53 |           storage: 1Gi
54 |   credsSecret:
55 |     name: minio-creds-secret
56 |   podManagementPolicy: Parallel
57 |   requestAutoCert: false
58 |   certConfig:
59 |     commonName: ""
60 |     organizationName: []
61 |     dnsNames: []
62 |   liveness:
63 |     initialDelaySeconds: 120
64 |     periodSeconds: 60
65 |   readiness:
66 |     initialDelaySeconds: 120
67 |     periodSeconds: 60


--------------------------------------------------------------------------------
/chapters/16/myHelmRelease.yaml:
--------------------------------------------------------------------------------
 1 | # myHelmRelease.yaml
 2 | apiVersion: helm.fluxcd.io/v1
 3 | kind: HelmRelease
 4 | metadata:
 5 |   name: rabbit
 6 |   namespace: default
 7 | spec:
 8 |   releaseName: rabbitmq
 9 |   chart:
10 |     repository: https://kubernetes-charts.storage.googleapis.com/
11 |     name: rabbitmq
12 |     version: 3.3.6
13 |   values:
14 |     replicas: 1


--------------------------------------------------------------------------------
/chapters/16/mypod-crd.yaml:
--------------------------------------------------------------------------------
 1 | # mypod-crd.yaml
 2 | apiVersion: apiextensions.k8s.io/v1beta1
 3 | kind: CustomResourceDefinition
 4 | metadata:
 5 |   name: mypods.crd.example.com
 6 | spec:
 7 |   group: crd.example.com
 8 |   version: v1
 9 |   scope: Namespaced
10 |   names:
11 |     plural: mypods   # 복수 이름
12 |     singular: mypod  # 단수 이름
13 |     kind: MyPod      # Kind 이름
14 |     shortNames:      # 축약 이름
15 |     - mp


--------------------------------------------------------------------------------
/chapters/17/README.md:
--------------------------------------------------------------------------------
  1 | # 17. 워크플로우 관리
  2 | 
  3 | ## 17.1 Argo workflow 소개
  4 | 
  5 | ### 17.1.4 설치
  6 | 
  7 | ```bash
  8 | kubectl create namespace argo
  9 | # namespace/argo created
 10 | 
 11 | # Workflow CRD 및 Argo controller 설치
 12 | kubectl apply -n argo -f https://raw.githubusercontent.com/argoproj/argo/v2.8.1/manifests/install.yaml
 13 | # customresourcedefinition.apiextensions.k8s.io/clusterworkflowtemplates.argoproj.io created
 14 | # customresourcedefinition.apiextensions.k8s.io/cronworkflows.argoproj.io created
 15 | # customresourcedefinition.apiextensions.k8s.io/workflows.argoproj.io created
 16 | # ...
 17 | 
 18 | # default 서비스계정에 admin 권한 부여
 19 | kubectl create rolebinding default-admin --clusterrole=admin \
 20 |       --serviceaccount=default:default
 21 | # rolebinding.rbac.authorization.k8s.io/default-admin created
 22 | 
 23 | # ingress 설정
 24 | cat << EOF | kubectl apply -f -
 25 | apiVersion: extensions/v1beta1
 26 | kind: Ingress
 27 | metadata:
 28 |   annotations:
 29 |     kubernetes.io/ingress.class: nginx
 30 |   name: argo-server
 31 |   namespace: argo
 32 | spec:
 33 |   rules:
 34 |   - host: argo.10.0.1.1.sslip.io
 35 |     http:
 36 |       paths:
 37 |       - backend:
 38 |           serviceName: argo-server
 39 |           servicePort: 2746
 40 |         path: /
 41 | EOF
 42 | ```
 43 | 
 44 | - `SUBMIT NEW WORKFLOW` 클릭
 45 | - `SUBMIT` 클릭
 46 | - 노란색 (혹은 파란색) Workflow 클릭 (예제 이름: `fantastic-tiger`)
 47 | - `YAML`과 `LOGS` 클릭하여 Workflow 정보 확인
 48 | 
 49 | ```bash
 50 | kubectl get workflow  # wf
 51 | # NAME              STATUS      AGE
 52 | # fantastic-tiger   Succeeded   10m
 53 | 
 54 | kubectl describe workflow fantastic-tiger
 55 | # ...
 56 | ```
 57 | 
 58 | ## 17.2 Workflow 구성하기
 59 | 
 60 | ### 17.2.1 단일 Job 실행
 61 | 
 62 | ```yaml
 63 | # single-job.yaml
 64 | apiVersion: argoproj.io/v1alpha1
 65 | kind: Workflow
 66 | metadata:
 67 |   generateName: hello-world-
 68 |   namespace: default
 69 | spec:
 70 |   entrypoint: whalesay
 71 |   templates:
 72 |   - name: whalesay
 73 |     container:
 74 |       image: docker/whalesay
 75 |       command: [cowsay]
 76 |       args: ["hello world"]
 77 |       resources:
 78 |         limits:
 79 |           memory: 32Mi
 80 |           cpu: 100m
 81 | ```
 82 | 
 83 | ```bash
 84 | # Workflow 생성
 85 | kubectl create -f single-job.yaml
 86 | # workflow.argoproj.io/hello-world-tcnjj created
 87 | 
 88 | kubectl get wf
 89 | # NAME                STATUS      AGE
 90 | # wonderful-dragon    Succeeded   8m21s
 91 | # hello-world-tcnjj   Succeeded   17s
 92 | 
 93 | kubectl get pod
 94 | # NAME                READY   STATUS      RESTARTS   AGE
 95 | # wonderful-dragon    0/2     Completed   0          8m34s
 96 | # hello-world-tcnjj   0/2     Completed   0          31s
 97 | 
 98 | kubectl logs hello-world-tcnjj -c main
 99 | #  _____________
100 | # < hello world >
101 | #  -------------
102 | #     \
103 | #      \
104 | #       \
105 | #                     ##        .
106 | #               ## ## ##       ==
107 | #            ## ## ## ##      ===
108 | #        /""""""""""""""""___/ ===
109 | #   ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
110 | #        \______ o          __/
111 | #         \    \        __/
112 | #           \____\______/
113 | # 
114 | # 
115 | # Hello from Docker!
116 | # This message shows that your installation appears to be working 
117 | ```
118 | 
119 | ### 17.2.2 파라미터 전달
120 | 
121 | ```yaml
122 | # param.yaml
123 | apiVersion: argoproj.io/v1alpha1
124 | kind: Workflow
125 | metadata:
126 |   generateName: hello-world-parameters-
127 |   namespace: default
128 | spec:
129 |   entrypoint: whalesay
130 |   arguments:
131 |     parameters:
132 |     - name: message
133 |       value: hello world through param
134 | 
135 |   templates:
136 |   ###############
137 |   # entrypoint
138 |   ###############
139 |   - name: whalesay
140 |     inputs:
141 |       parameters:
142 |       - name: message
143 |     container:
144 |       image: docker/whalesay
145 |       command: [cowsay]
146 |       args: ["{{inputs.parameters.message}}"]
147 | ```
148 | 
149 | ### 17.2.3 Serial step 실행
150 | 
151 | ```yaml
152 | apiVersion: argoproj.io/v1alpha1
153 | kind: Workflow
154 | metadata:
155 |   generateName: serial-step-
156 |   namespace: default
157 | spec:
158 |   entrypoint: hello-step
159 |   templates:
160 | 
161 |   ###############
162 |   # template job
163 |   ###############
164 |   - name: whalesay
165 |     inputs:
166 |       parameters:
167 |       - name: message
168 |     container:
169 |       image: docker/whalesay
170 |       command: [cowsay]
171 |       args: ["{{inputs.parameters.message}}"]
172 | 
173 |   ###############
174 |   # entrypoint
175 |   ###############
176 |   - name: hello-step
177 |     # 순차 실행
178 |     steps:
179 |     - - name: hello1
180 |         template: whalesay
181 |         arguments:
182 |           parameters:
183 |           - name: message
184 |             value: "hello1"
185 |     - - name: hello2
186 |         template: whalesay
187 |         arguments:
188 |           parameters:
189 |           - name: message
190 |             value: "hello2"
191 |     - - name: hello3
192 |         template: whalesay
193 |         arguments:
194 |           parameters:
195 |           - name: message
196 |             value: "hello3"
197 | ```
198 | 
199 | ### 17.2.4 Parallel step 실행
200 | 
201 | ```yaml
202 | apiVersion: argoproj.io/v1alpha1
203 | kind: Workflow
204 | metadata:
205 |   generateName: parallel-steps-
206 |   namespace: default
207 | spec:
208 |   entrypoint: hello-step
209 |   templates:
210 | 
211 |   ###############
212 |   # template job
213 |   ###############
214 |   - name: whalesay
215 |     inputs:
216 |       parameters:
217 |       - name: message
218 |     container:
219 |       image: docker/whalesay
220 |       command: [cowsay]
221 |       args: ["{{inputs.parameters.message}}"]
222 | 
223 |   ###############
224 |   # entrypoint
225 |   ###############
226 |   - name: hello-step
227 |     # 병렬 실행
228 |     steps:
229 |     - - name: hello1
230 |         template: whalesay
231 |         arguments:
232 |           parameters:
233 |           - name: message
234 |             value: "hello1"
235 |     - - name: hello2
236 |         template: whalesay
237 |         arguments:
238 |           parameters:
239 |           - name: message
240 |             value: "hello2"
241 |       - name: hello3        # 기존 double dash에서 single dash로 변경
242 |         template: whalesay
243 |         arguments:
244 |           parameters:
245 |           - name: message
246 |             value: "hello3"
247 | ```
248 | 
249 | ### 17.2.5 복잡한 DAG 실행
250 | 
251 | ```yaml
252 | apiVersion: argoproj.io/v1alpha1
253 | kind: Workflow
254 | metadata:
255 |   generateName: dag-diamond-
256 |   namespace: default
257 | spec:
258 |   entrypoint: diamond
259 |   templates:
260 |   
261 |   ###############
262 |   # template job
263 |   ###############
264 |   - name: echo
265 |     inputs:
266 |       parameters:
267 |       - name: message
268 |     container:
269 |       image: alpine:3.7
270 |       command: [echo, "{{inputs.parameters.message}}"]
271 | 
272 |   ###############
273 |   # entrypoint
274 |   ###############
275 |   - name: diamond
276 |     # DAG 구성
277 |     dag:
278 |       tasks:
279 |       - name: A
280 |         template: echo
281 |         arguments:
282 |           parameters: [{name: message, value: A}]
283 |       - name: B
284 |         dependencies: [A]
285 |         template: echo
286 |         arguments:
287 |           parameters: [{name: message, value: B}]
288 |       - name: C
289 |         dependencies: [A]
290 |         template: echo
291 |         arguments:
292 |           parameters: [{name: message, value: C}]
293 |       - name: D
294 |         dependencies: [B, C]
295 |         template: echo
296 |         arguments:
297 |           parameters: [{name: message, value: D}]
298 | ```
299 | 
300 | ### 17.2.6 종료 핸들링
301 | 
302 | ```yaml
303 | apiVersion: argoproj.io/v1alpha1
304 | kind: Workflow
305 | metadata:
306 |   generateName: error-handlers-
307 |   namespace: default
308 | spec:
309 |   entrypoint: intentional-fail
310 |   # 에러 핸들러 작업 지정
311 |   onExit: error-handler
312 | 
313 |   templates:
314 |   
315 |   ###############
316 |   # template job
317 |   ###############
318 |   - name: send-email
319 |     container:
320 |       image: alpine:latest
321 |       command: [sh, -c]
322 |       args: ["echo send e-mail: {{workflow.name}} {{workflow.status}}"]
323 |   
324 |   ###############
325 |   # 종료 핸들러
326 |   ###############
327 |   - name: error-handler
328 |     steps:
329 |     - - name: notify
330 |         template: send-email
331 | 
332 |   ###############
333 |   # entrypoint
334 |   ###############
335 |   - name: intentional-fail
336 |     container:
337 |       image: alpine:latest
338 |       command: [sh, -c]
339 |       args: ["echo intentional failure; exit 1"]
340 | ```
341 | 
342 | ### Clean up
343 | 
344 | ```bash
345 | kubectl delete wf --all
346 | kubectl delete -n argo -f https://raw.githubusercontent.com/argoproj/argo/v2.8.1/manifests/install.yaml
347 | ```
348 | 


--------------------------------------------------------------------------------
/chapters/17/dag-diamond.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Workflow
 3 | metadata:
 4 |   generateName: dag-diamond-
 5 |   namespace: default
 6 | spec:
 7 |   entrypoint: diamond
 8 |   templates:
 9 |   
10 |   ###############
11 |   # template job
12 |   ###############
13 |   - name: echo
14 |     inputs:
15 |       parameters:
16 |       - name: message
17 |     container:
18 |       image: alpine:3.7
19 |       command: [echo, "{{inputs.parameters.message}}"]
20 | 
21 |   ###############
22 |   # entrypoint
23 |   ###############
24 |   - name: diamond
25 |     # DAG 구성
26 |     dag:
27 |       tasks:
28 |       - name: A
29 |         template: echo
30 |         arguments:
31 |           parameters: [{name: message, value: A}]
32 |       - name: B
33 |         dependencies: [A]
34 |         template: echo
35 |         arguments:
36 |           parameters: [{name: message, value: B}]
37 |       - name: C
38 |         dependencies: [A]
39 |         template: echo
40 |         arguments:
41 |           parameters: [{name: message, value: C}]
42 |       - name: D
43 |         dependencies: [B, C]
44 |         template: echo
45 |         arguments:
46 |           parameters: [{name: message, value: D}]


--------------------------------------------------------------------------------
/chapters/17/error-handlers.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Workflow
 3 | metadata:
 4 |   generateName: error-handlers-
 5 |   namespace: default
 6 | spec:
 7 |   entrypoint: intentional-fail
 8 |   # 에러 핸들러 작업 지정
 9 |   onExit: error-handler
10 | 
11 |   templates:
12 |   
13 |   ###############
14 |   # template job
15 |   ###############
16 |   - name: send-email
17 |     container:
18 |       image: alpine:latest
19 |       command: [sh, -c]
20 |       args: ["echo send e-mail: {{workflow.name}} {{workflow.status}}"]
21 |   
22 |   ###############
23 |   # 종료 핸들러
24 |   ###############
25 |   - name: error-handler
26 |     steps:
27 |     - - name: notify
28 |         template: send-email
29 | 
30 |   ###############
31 |   # entrypoint
32 |   ###############
33 |   - name: intentional-fail
34 |     container:
35 |       image: alpine:latest
36 |       command: [sh, -c]
37 |       args: ["echo intentional failure; exit 1"]


--------------------------------------------------------------------------------
/chapters/17/parallel-steps.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Workflow
 3 | metadata:
 4 |   generateName: parallel-steps-
 5 |   namespace: default
 6 | spec:
 7 |   entrypoint: hello-step
 8 |   templates:
 9 | 
10 |   ###############
11 |   # template job
12 |   ###############
13 |   - name: whalesay
14 |     inputs:
15 |       parameters:
16 |       - name: message
17 |     container:
18 |       image: docker/whalesay
19 |       command: [cowsay]
20 |       args: ["{{inputs.parameters.message}}"]
21 | 
22 |   ###############
23 |   # entrypoint
24 |   ###############
25 |   - name: hello-step
26 |     # 병렬 실행
27 |     steps:
28 |     - - name: hello1
29 |         template: whalesay
30 |         arguments:
31 |           parameters:
32 |           - name: message
33 |             value: "hello1"
34 |     - - name: hello2
35 |         template: whalesay
36 |         arguments:
37 |           parameters:
38 |           - name: message
39 |             value: "hello2"
40 |       - name: hello3        # 기존 double dash에서 single dash로 변경
41 |         template: whalesay
42 |         arguments:
43 |           parameters:
44 |           - name: message
45 |             value: "hello3"


--------------------------------------------------------------------------------
/chapters/17/param.yaml:
--------------------------------------------------------------------------------
 1 | # param.yaml
 2 | apiVersion: argoproj.io/v1alpha1
 3 | kind: Workflow
 4 | metadata:
 5 |   generateName: hello-world-parameters-
 6 |   namespace: default
 7 | spec:
 8 |   entrypoint: whalesay
 9 |   arguments:
10 |     parameters:
11 |     - name: message
12 |       value: hello world through param
13 | 
14 |   templates:
15 |   ###############
16 |   # entrypoint
17 |   ###############
18 |   - name: whalesay
19 |     inputs:
20 |       parameters:
21 |       - name: message
22 |     container:
23 |       image: docker/whalesay
24 |       command: [cowsay]
25 |       args: ["{{inputs.parameters.message}}"]


--------------------------------------------------------------------------------
/chapters/17/serial-step.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Workflow
 3 | metadata:
 4 |   generateName: serial-step-
 5 |   namespace: default
 6 | spec:
 7 |   entrypoint: hello-step
 8 |   templates:
 9 | 
10 |   ###############
11 |   # template job
12 |   ###############
13 |   - name: whalesay
14 |     inputs:
15 |       parameters:
16 |       - name: message
17 |     container:
18 |       image: docker/whalesay
19 |       command: [cowsay]
20 |       args: ["{{inputs.parameters.message}}"]
21 | 
22 |   ###############
23 |   # entrypoint
24 |   ###############
25 |   - name: hello-step
26 |     # 순차 실행
27 |     steps:
28 |     - - name: hello1
29 |         template: whalesay
30 |         arguments:
31 |           parameters:
32 |           - name: message
33 |             value: "hello1"
34 |     - - name: hello2
35 |         template: whalesay
36 |         arguments:
37 |           parameters:
38 |           - name: message
39 |             value: "hello2"
40 |     - - name: hello3
41 |         template: whalesay
42 |         arguments:
43 |           parameters:
44 |           - name: message
45 |             value: "hello3"


--------------------------------------------------------------------------------
/chapters/17/single-job.yaml:
--------------------------------------------------------------------------------
 1 | # single-job.yaml
 2 | apiVersion: argoproj.io/v1alpha1
 3 | kind: Workflow
 4 | metadata:
 5 |   generateName: hello-world-
 6 |   namespace: default
 7 | spec:
 8 |   entrypoint: whalesay
 9 |   templates:
10 |   - name: whalesay
11 |     container:
12 |       image: docker/whalesay
13 |       command: [cowsay]
14 |       args: ["hello world"]
15 |       resources:
16 |         limits:
17 |           memory: 32Mi
18 |           cpu: 100m


--------------------------------------------------------------------------------
/gitops/README.md:
--------------------------------------------------------------------------------
 1 | # gitops
 2 | 
 3 | 단일 진실의 원천 예제 디렉토리입니다. GitOps 구현체인 FluxCD, ArgoCD에서 해당 디렉토리를 지속적으로 관찰하다가 새로운 YAML 정의서가 생성되거나 기존의 값이 변경될 때, 그에 따라 새롭게 배포합니다. GitOps 설정 후, 다음과 같은 리소스가 나의 클러스터에 정상적으로 배포되었는지 확인해보시기 바랍니다.
 4 | 
 5 | - `deployment.yaml`
 6 | - `service.yaml`
 7 | 
 8 | ```yaml
 9 | # deployment.yaml
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | metadata:
13 |   name: mynginx
14 | spec:
15 |   replicas: 1
16 |   selector:
17 |     matchLabels:
18 |       run: mynginx
19 |   template:
20 |     metadata:
21 |       labels:
22 |         run: mynginx
23 |     spec:
24 |       containers:
25 |       - image: nginx
26 |         name: mynginx
27 |         ports:
28 |         - containerPort: 80
29 | ```
30 | 
31 | 
32 | ```yaml
33 | # service.yaml
34 | apiVersion: v1
35 | kind: Service
36 | metadata:
37 |   name: mynginx
38 | spec:
39 |   ports:
40 |   - port: 80
41 |     protocol: TCP
42 |     targetPort: 80
43 |   selector:
44 |     run: mynginx
45 | ```


--------------------------------------------------------------------------------
/gitops/deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: mynginx
 5 | spec:
 6 |   replicas: 1
 7 |   selector:
 8 |     matchLabels:
 9 |       run: mynginx
10 |   template:
11 |     metadata:
12 |       labels:
13 |         run: mynginx
14 |     spec:
15 |       containers:
16 |       - image: nginx
17 |         name: mynginx
18 |         ports:
19 |         - containerPort: 80


--------------------------------------------------------------------------------
/gitops/service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: mynginx
 5 | spec:
 6 |   ports:
 7 |   - port: 80
 8 |     protocol: TCP
 9 |     targetPort: 80
10 |   selector:
11 |     run: mynginx


--------------------------------------------------------------------------------
/pipeline-sample/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.7
 2 | 
 3 | RUN pip install flask pytest
 4 | 
 5 | WORKDIR /work
 6 | COPY test.sh /test
 7 | COPY test.py test.py
 8 | COPY app.py app.py
 9 | 
10 | RUN chmod +x /test
11 | 
12 | CMD ["python", "app.py"]
13 | 


--------------------------------------------------------------------------------
/pipeline-sample/README.md:
--------------------------------------------------------------------------------
 1 | # pipeline-sample
 2 | 
 3 | ## CI 파이프라인
 4 | 
 5 | Jenkins CI 파이프라인을 위한 샘플코드입니다.
 6 | 
 7 | 다음과 같은 파일들이 있습니다.
 8 | 
 9 | - `app.py`: CI/CD를 통해 쿠버네티스 클러스터로 배포하려는 어플리케이션 소스코드입니다.
10 | - `Dockerfile`: 소스코드를 실행가능한 파일(도커 이미지)로 변환하는 도커파일입니다.
11 | - `test.py`: CI 파이프라인에서 테스트를 담당하는 스크립트입니다.
12 | - `test.sh`: `docker run --entrypoint=/test` 명령을 이용하여 테스트 수행 시, 실제 실행되는 스크립트입니다.
13 | 
14 | CI 파이프라인은 다음과 같은 흐름을 가집니다.
15 | 
16 | ```bash
17 | # 소스코드 checkout
18 | git clone $PROJECT_NAME
19 | git checkout $BRANCH
20 | 
21 | # 빌드 Artifact 생성
22 | docker build . -t $PROJECT_NAME
23 | 
24 | # 빌드 결과물 테스트
25 | docker run --entrypoint=/test $PROJECT_NAME
26 | 
27 | # 빌드 결과물 저장
28 | docker push docker.io/$PROJECT_NAME
29 | ```
30 | 
31 | ## 도커 안에 도커
32 | 
33 | 도커 안에서 호스트 서버의 도커 데몬을 접근하기 위해서는 다음과 같이 실행합니다.
34 | 
35 | ```bash
36 | docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock docker
37 | ```
38 | 
39 | 호스트 도커 데몬과 통신할 수 있는 소켓파일을 볼륨으로 넘겨줌으로써 컨테이너 안에서 호스트 도커 데몬을 호출할 수 있게 실행합니다.
40 | 
41 | [Docker in Docker 읽을거리](https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/)
42 | 


--------------------------------------------------------------------------------
/pipeline-sample/app.py:
--------------------------------------------------------------------------------
 1 | from flask import Flask
 2 | app = Flask(__name__)
 3 | 
 4 | 
 5 | def func(x):
 6 |     return x + 1
 7 | 
 8 | 
 9 | def func(x):
10 |     return x + 1
11 | 
12 | 
13 | @app.route('/')
14 | def hello():
15 |     ret = func(2)
16 |     return "Hello World!: " + str(ret)
17 | 
18 | 
19 | if __name__ == '__main__':
20 |     app.run()
21 | 


--------------------------------------------------------------------------------
/pipeline-sample/test.py:
--------------------------------------------------------------------------------
 1 | import app
 2 | 
 3 | 
 4 | def test_answer():
 5 |     assert app.func(3) == 4
 6 | 
 7 | 
 8 | def test_hello():
 9 |     ret = app.func(2)
10 |     assert app.hello() == "Hello World!: " + str(ret)
11 | 


--------------------------------------------------------------------------------
/pipeline-sample/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | py.test /work/test.py
3 | 


--------------------------------------------------------------------------------