k8s/Kubernates
-
lightning lab 2번 문제2023.11.09
-
[k8s] imperative command2023.11.09
-
kubernetes 커맨드 shortcuts2023.11.09
-
[CKAD] rewrite-target 옵션2023.11.02
-
[CKAD/Lab] Imperative commands2023.09.25
-
[CKAD/Lab] - namespace2023.09.24
-
[k8s] 필수 명령어2023.09.18
lightning lab 2번 문제
We have deployed a new pod called secure-pod and a service called secure-service. Incoming or Outgoing connections to this pod are not working.
Troubleshoot why this is happening.
Make sure that incoming connection from the pod webapp-color are successful.
Important: Don't delete any current objects deployed.
Important: Don't Alter Existing Objects!
Connectivity working?
서비스 확인
controlplane ~ ➜ kubectl get service -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 114m
default secure-service ClusterIP 10.96.240.77 <none> 80/TCP 59s
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 114m
파드 확인
controlplane ~ ➜ kubectl get pods
NAME READY STATUS RESTARTS AGE
secure-pod 1/1 Running 0 52s
webapp-color 1/1 Running 0 18m
webapp-color 컨테이너에서 명령 실행
controlplane ~ ➜ kubectl exec -it webapp-color -- sh
/opt # nc -v -z -w 2 secure-service 80
nc: secure-service (10.96.240.77:80): Operation timed out
network policy yaml 파일 생성
controlplane ~ ➜ kubectl get netpol default-deny -o yaml > netpol.yaml
label 확인
controlplane ~ ➜ kubectl get pod --show-labels
NAME READY STATUS RESTARTS AGE LABELS
secure-pod 1/1 Running 0 12m run=secure-pod
webapp-color 1/1 Running 0 29m name=webapp-color
netpol.yaml에서 label 추가 및 Port 추가
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
creationTimestamp: "2023-11-09T05:31:01Z"
generation: 1
name: network-policy
namespace: default
resourceVersion: "9392"
uid: 3a239d1b-ee91-4041-8ebd-beee7d250faa
spec:
podSelector:
matchLabels:
run: secure-pod
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
name: webapp-color
ports:
- protocol: TCP
port: 80
status: {}
controlplane ~ ➜ kubectl apply -f netpol.yaml --force
networkpolicy.networking.k8s.io/network-policy created
'k8s > Kubernates' 카테고리의 다른 글
[k8s] imperative command (0) | 2023.11.09 |
---|---|
kubernetes 커맨드 shortcuts (0) | 2023.11.09 |
[CKAD] rewrite-target 옵션 (0) | 2023.11.02 |
[CKAD/Lab] Imperative commands (0) | 2023.09.25 |
[CKAD/Lab] - namespace (0) | 2023.09.24 |
[k8s] imperative command
kubectl run nginx --image=nginx (deployment)
kubectl run nginx --image=nginx --restart=Never (pod)
kubectl run nginx --image=nginx --restart=OnFailure (job)
kubectl run nginx --image=nginx --restart=OnFailure --schedule"* * * * *" (cronjob)
kubectl run nginx --image=nginx \
--restart=Never --port=80 \
--namespace=myname --command -- serviceaccount=mysql --env=HOSTNAME=local \
--labels=bu=instance,env=dev \
--resquests='cpu=100m,memory=256Mi' --limits='cpu=200m,memory=512Mi'\
--dry-run -o yaml -- /bin/sh -c 'echo hello world'
kubectl run frontend --replicas=2 --labels=run=load-balancer-example --image=busybox --port=8080
kubectl expose deployment frontend --type=NodePort --name=frontend-service --port=6262 --target-port=8080
kubectl set serviceaccount deployment frontend myuser
kubectl create service clusterip my-cs --tcp=5678:8080 --dry-run -o yaml
'k8s > Kubernates' 카테고리의 다른 글
lightning lab 2번 문제 (0) | 2023.11.09 |
---|---|
kubernetes 커맨드 shortcuts (0) | 2023.11.09 |
[CKAD] rewrite-target 옵션 (0) | 2023.11.02 |
[CKAD/Lab] Imperative commands (0) | 2023.09.25 |
[CKAD/Lab] - namespace (0) | 2023.09.24 |
kubernetes 커맨드 shortcuts
po - 파드
rs - 레플리카셋
deploy - 디플로이먼트
svc - 서비스
ns - 네임스페이스
netpol - 네트워크 폴리시
pv - 퍼시스턴트 볼륨
pvc - 퍼시스턴트 볼륨 클레임
sa - 서비스 어카운트
숏컷을 사용해서 시간을 줄여보자
'k8s > Kubernates' 카테고리의 다른 글
lightning lab 2번 문제 (0) | 2023.11.09 |
---|---|
[k8s] imperative command (0) | 2023.11.09 |
[CKAD] rewrite-target 옵션 (0) | 2023.11.02 |
[CKAD/Lab] Imperative commands (0) | 2023.09.25 |
[CKAD/Lab] - namespace (0) | 2023.09.24 |
[CKAD] rewrite-target 옵션
Different ingress controllers have different options that can be used to customise the way it works. NGINX Ingress controller has many options that can be seen here. I would like to explain one such option that we will use in our labs. The Rewrite target option.
Our watch app displays the video streaming webpage at http://<watch-service>:<port>/
Our wear app displays the apparel webpage at http://<wear-service>:<port>/
We must configure Ingress to achieve the below. When user visits the URL on the left, his request should be forwarded internally to the URL on the right. Note that the /watch and /wear URL path are what we configure on the ingress controller so we can forwarded users to the appropriate application in the backend. The applications don't have this URL/Path configured on them:
http://<ingress-service>:<ingress-port>/watch --> http://<watch-service>:<port>/
http://<ingress-service>:<ingress-port>/wear --> http://<wear-service>:<port>/
Without the rewrite-target option, this is what would happen:
http://<ingress-service>:<ingress-port>/watch --> http://<watch-service>:<port>/watch
http://<ingress-service>:<ingress-port>/wear --> http://<wear-service>:<port>/wear
Notice watch and wear at the end of the target URLs. The target applications are not configured with /watch or /wear paths. They are different applications built specifically for their purpose, so they don't expect /watch or /wear in the URLs. And as such the requests would fail and throw a 404 not found error.
To fix that we want to "ReWrite" the URL when the request is passed on to the watch or wear applications. We don't want to pass in the same path that user typed in. So we specify the rewrite-target option. This rewrites the URL by replacing whatever is under rules->http->paths->path which happens to be /pay in this case with the value in rewrite-target. This works just like a search and replace function.
For example: replace(path, rewrite-target)
In our case: replace("/path","/")
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
namespace: critical-space
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /pay
backend:
serviceName: pay-service
servicePort: 8282
In another example given here, this could also be:
replace("/something(/|$)(.*)", "/$2")
'k8s > Kubernates' 카테고리의 다른 글
[k8s] imperative command (0) | 2023.11.09 |
---|---|
kubernetes 커맨드 shortcuts (0) | 2023.11.09 |
[CKAD/Lab] Imperative commands (0) | 2023.09.25 |
[CKAD/Lab] - namespace (0) | 2023.09.24 |
[k8s] 필수 명령어 (0) | 2023.09.18 |
[CKAD/Lab] Imperative commands
Imperative command
예제1)
Deploy a redis pod using the redis:alpine image with the labels set to tier=db
Either use imperative commands to create the pod with the labels.
Or else use imperative commands to generate the pod definition file,
then add the labels before creating the pod using the file.
$ kubectl run redis --image=redis:alpine --labels tier=db
=> image 생성 및 label 생성 (kubectl run 명령어를 사용할 때 labels를 지정하는 올바른 방식은 --labels 옵션을 사용)
예제2)
Create a service redis-service to expose the redis application
within the cluster on port 6379.
Use imperative commands.
$ kubectl create deployment --image=redis redis
=> image가 redis인 deployment 생성
$ kubectl expose deployment redis --name=redis-service --port=6379 --type=ClusterIP
service/redis-service exposed
=> deployment redis를 생성하고 옵션으로 name, port, type을 부여한다.
$ kubectl get deployments.apps redis
=> redis인 deployment의 상태를 확인
NAME READY UP-TO-DATE AVAILABLE AGE
redis 1/1 1 1 4m51s
예제3)
Create a deployment named webapp
using the image kodekloud/webapp-color with 3 replicas.
Try to use imperative commands only. Do not create definition files.
Name: webapp
Image: kodekloud/webapp-color
Replicas: 3
$ kubectl create deployment --image=kodekloud/webapp-color webapp --replicas=3
'k8s > Kubernates' 카테고리의 다른 글
[k8s] imperative command (0) | 2023.11.09 |
---|---|
kubernetes 커맨드 shortcuts (0) | 2023.11.09 |
[CKAD] rewrite-target 옵션 (0) | 2023.11.02 |
[CKAD/Lab] - namespace (0) | 2023.09.24 |
[k8s] 필수 명령어 (0) | 2023.09.18 |
[CKAD/Lab] - namespace
namespace
예제 1)
Create a POD in the finance namespace.
Use the spec given below.
Name: redis
Image name: redis
$ kubectl get pods --namespace=finance
$ kubectl get pods -n=finance
=> 네임스페이스 finance 내의 pod를 확인하는 커맨드
$ kubectl run redis --image=redis --namespace=finance
=> 네임스페이스 finance 내에 redis 라는 이름으로 redis를 생성하는 커맨드
예제 2)
Access the Blue web application using the link above your terminal!!
From the UI you can ping other services
$ kubectl get ns
=> 네임스페이스 확인하기
$ kubectl get pods --all-namespaces
$ kubectl get pods -A
=> 네임스페이스 내의 모든 파드를 확인하기
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default myapp-pod 1/1 Running 0 10d
kube-system coredns-5d78c9869d-smgl9 1/1 Running 0 10d
kube-system etcd-minikube 1/1 Running 0 10d
kube-system kube-apiserver-minikube 1/1 Running 0 10d
kube-system kube-controller-manager-minikube 1/1 Running 0 10d
kube-system kube-proxy-wl26h 1/1 Running 0 10d
kube-system kube-scheduler-minikube 1/1 Running 0 10d
kube-system storage-provisioner 1/1 Running 0 10d
prod nginx 1/1 Running 0 76m
prod nginx-77b4fdf86c-4svbg 0/1 ImagePullBackOff 0 64m
prod nginx-77b4fdf86c-8hmkd 0/1 ImagePullBackOff 0 64m
prod nginx-77b4fdf86c-ffggl 0/1 ImagePullBackOff 0 64m
prod nginx-77b4fdf86c-k4hsn 0/1 ErrImagePull 0 64m
prod nginx-pod 1/1 Running 0 84m
prod redis 0/1 ImagePullBackOff 0 58m
$ kubectl get pods --namespace
=> 네임스페이스 내에 존재하는 pod를 확인하기
$ kubectl get pods --namespace=marketing blue -o wide
-> 네임스페이스 marketing에 존재하는 pod를 확인하고, blue 파드의 상세정보를 확인하기
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
blue 1/1 Running 0 21m 10.42.0.15 controlplane <none> <none>
=> IP를 확인하고 ping 테스트를 한다.
예제3)
What DNS name should the Blue application use to access the database db-service in its own namespace - marketing?
You can try it in the web application UI. Use port 6379.
$ kubectl get svc -n=marketing
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
blue-service NodePort 10.43.134.31 <none> 8080:30082/TCP 2m35s
db-service NodePort 10.43.233.164 <none> 6379:31313/TCP 2m35s
db-service
예제4)
What DNS name should the Blue application use to access the database db-service in the dev namespace?
You can try it in the web application UI. Use port 6379.
'k8s > Kubernates' 카테고리의 다른 글
[k8s] imperative command (0) | 2023.11.09 |
---|---|
kubernetes 커맨드 shortcuts (0) | 2023.11.09 |
[CKAD] rewrite-target 옵션 (0) | 2023.11.02 |
[CKAD/Lab] Imperative commands (0) | 2023.09.25 |
[k8s] 필수 명령어 (0) | 2023.09.18 |
[k8s] 필수 명령어
--dry-run: 리소스 즉시 생성
--dry-run=client: 커맨드 테스트 -> 리소스가 생성되지 않음.
-o yaml: 리소스 정의를 YAML 파일 형식으로 생성해준다.
=> 리다이렉션으로 nginx-pod.yaml 파일을 생성할 수 있고, 해당 파일을 수정 및 리소스를 추가하여 업데이트 할 수 있다.
예제:
참고자료
https://kubernetes.io/docs/reference/kubectl/
'k8s > Kubernates' 카테고리의 다른 글
[k8s] imperative command (0) | 2023.11.09 |
---|---|
kubernetes 커맨드 shortcuts (0) | 2023.11.09 |
[CKAD] rewrite-target 옵션 (0) | 2023.11.02 |
[CKAD/Lab] Imperative commands (0) | 2023.09.25 |
[CKAD/Lab] - namespace (0) | 2023.09.24 |