k8s/Kubernates

lightning lab 2번 문제

2023. 11. 9. 15:10

 

We have deployed a new pod called secure-pod and a service called secure-service. Incoming or Outgoing connections to this pod are not working.
Troubleshoot why this is happening.

Make sure that incoming connection from the pod webapp-color are successful.


Important: Don't delete any current objects deployed.

Important: Don't Alter Existing Objects!

Connectivity working?

 

서비스 확인

controlplane ~ ➜  kubectl get service -A
NAMESPACE     NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes       ClusterIP   10.96.0.1      <none>        443/TCP                  114m
default       secure-service   ClusterIP   10.96.240.77   <none>        80/TCP                   59s
kube-system   kube-dns         ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   114m

 

파드 확인

controlplane ~ ➜  kubectl get pods 
NAME           READY   STATUS    RESTARTS   AGE
secure-pod     1/1     Running   0          52s
webapp-color   1/1     Running   0          18m

 

webapp-color 컨테이너에서 명령 실행 

controlplane ~ ➜  kubectl exec -it webapp-color -- sh 
/opt # nc -v -z -w 2 secure-service 80
nc: secure-service (10.96.240.77:80): Operation timed out

 

network policy yaml 파일 생성

controlplane ~ ➜  kubectl get netpol default-deny -o yaml > netpol.yaml

 

 

label 확인

controlplane ~ ➜  kubectl get pod --show-labels 
NAME           READY   STATUS    RESTARTS   AGE   LABELS
secure-pod     1/1     Running   0          12m   run=secure-pod
webapp-color   1/1     Running   0          29m   name=webapp-color

 

 

netpol.yaml에서 label 추가 및 Port 추가

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  creationTimestamp: "2023-11-09T05:31:01Z"
  generation: 1
  name: network-policy
  namespace: default
  resourceVersion: "9392"
  uid: 3a239d1b-ee91-4041-8ebd-beee7d250faa
spec:
  podSelector:
    matchLabels:
      run: secure-pod
  policyTypes:
  - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              name: webapp-color
      ports:
        - protocol: TCP
          port: 80
status: {}

 

controlplane ~ ➜  kubectl apply -f netpol.yaml --force
networkpolicy.networking.k8s.io/network-policy created
저작자표시

'k8s > Kubernates' 카테고리의 다른 글

[k8s] imperative command  (0) 2023.11.09
kubernetes 커맨드 shortcuts  (0) 2023.11.09
[CKAD] rewrite-target 옵션  (0) 2023.11.02
[CKAD/Lab] Imperative commands  (0) 2023.09.25
[CKAD/Lab] - namespace  (0) 2023.09.24

[k8s] imperative command

2023. 11. 9. 14:30

 

kubectl run nginx --image=nginx (deployment)

kubectl run nginx --image=nginx --restart=Never (pod)

kubectl run nginx --image=nginx --restart=OnFailure (job)

kubectl run nginx --image=nginx --restart=OnFailure --schedule"* * * * *" (cronjob)

 

kubectl run nginx --image=nginx \
--restart=Never --port=80 \
--namespace=myname --command -- serviceaccount=mysql --env=HOSTNAME=local \ 
--labels=bu=instance,env=dev \
--resquests='cpu=100m,memory=256Mi' --limits='cpu=200m,memory=512Mi'\
--dry-run -o yaml -- /bin/sh -c 'echo hello world'

 

 

kubectl run frontend --replicas=2 --labels=run=load-balancer-example --image=busybox --port=8080 

kubectl expose deployment frontend --type=NodePort --name=frontend-service --port=6262 --target-port=8080

kubectl set serviceaccount deployment frontend myuser

kubectl create service clusterip my-cs --tcp=5678:8080 --dry-run -o yaml

 

 

 

저작자표시

'k8s > Kubernates' 카테고리의 다른 글

lightning lab 2번 문제  (0) 2023.11.09
kubernetes 커맨드 shortcuts  (0) 2023.11.09
[CKAD] rewrite-target 옵션  (0) 2023.11.02
[CKAD/Lab] Imperative commands  (0) 2023.09.25
[CKAD/Lab] - namespace  (0) 2023.09.24

kubernetes 커맨드 shortcuts

2023. 11. 9. 11:41

po - 파드 

rs - 레플리카셋

deploy - 디플로이먼트 

svc - 서비스 

ns - 네임스페이스 

netpol - 네트워크 폴리시

pv - 퍼시스턴트 볼륨 

pvc - 퍼시스턴트 볼륨 클레임

sa - 서비스 어카운트

 

숏컷을 사용해서 시간을 줄여보자

저작자표시

'k8s > Kubernates' 카테고리의 다른 글

lightning lab 2번 문제  (0) 2023.11.09
[k8s] imperative command  (0) 2023.11.09
[CKAD] rewrite-target 옵션  (0) 2023.11.02
[CKAD/Lab] Imperative commands  (0) 2023.09.25
[CKAD/Lab] - namespace  (0) 2023.09.24

[CKAD] rewrite-target 옵션

2023. 11. 2. 14:34

Different ingress controllers have different options that can be used to customise the way it works. NGINX Ingress controller has many options that can be seen here. I would like to explain one such option that we will use in our labs. The Rewrite target option.

 

Our watch app displays the video streaming webpage at http://<watch-service>:<port>/

Our wear app displays the apparel webpage at http://<wear-service>:<port>/

We must configure Ingress to achieve the below. When user visits the URL on the left, his request should be forwarded internally to the URL on the right. Note that the /watch and /wear URL path are what we configure on the ingress controller so we can forwarded users to the appropriate application in the backend. The applications don't have this URL/Path configured on them:

http://<ingress-service>:<ingress-port>/watch --> http://<watch-service>:<port>/

http://<ingress-service>:<ingress-port>/wear --> http://<wear-service>:<port>/

 

Without the rewrite-target option, this is what would happen:

http://<ingress-service>:<ingress-port>/watch --> http://<watch-service>:<port>/watch

http://<ingress-service>:<ingress-port>/wear --> http://<wear-service>:<port>/wear

 

Notice watch and wear at the end of the target URLs. The target applications are not configured with /watch or /wear paths. They are different applications built specifically for their purpose, so they don't expect /watch or /wear in the URLs. And as such the requests would fail and throw a 404 not found error.

 

To fix that we want to "ReWrite" the URL when the request is passed on to the watch or wear applications. We don't want to pass in the same path that user typed in. So we specify the rewrite-target option. This rewrites the URL by replacing whatever is under rules->http->paths->path which happens to be /pay in this case with the value in rewrite-target. This works just like a search and replace function.

For example: replace(path, rewrite-target)
In our case: replace("/path","/")

 

더보기 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: critical-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /pay
        backend:
          serviceName: pay-service
          servicePort: 8282

 

In another example given here, this could also be:

replace("/something(/|$)(.*)", "/$2")

 

 

 

저작자표시

'k8s > Kubernates' 카테고리의 다른 글

[k8s] imperative command  (0) 2023.11.09
kubernetes 커맨드 shortcuts  (0) 2023.11.09
[CKAD/Lab] Imperative commands  (0) 2023.09.25
[CKAD/Lab] - namespace  (0) 2023.09.24
[k8s] 필수 명령어  (0) 2023.09.18

[CKAD/Lab] Imperative commands

2023. 9. 25. 09:19

Imperative command

 

 

예제1)

Deploy a redis pod using the redis:alpine image with the labels set to tier=db

Either use imperative commands to create the pod with the labels. 
Or else use imperative commands to generate the pod definition file, 
then add the labels before creating the pod using the file.

$ kubectl run redis --image=redis:alpine --labels tier=db

=> image 생성 및 label 생성 (kubectl run 명령어를 사용할 때 labels를 지정하는 올바른 방식은 --labels 옵션을 사용)

 

 

예제2)

Create a service redis-service to expose the redis application 
within the cluster on port 6379.

Use imperative commands.

$ kubectl create deployment --image=redis redis 

=> image가 redis인 deployment 생성 

 

$ kubectl expose deployment redis --name=redis-service --port=6379 --type=ClusterIP
service/redis-service exposed

=> deployment redis를 생성하고 옵션으로 name, port, type을 부여한다.

 

$ kubectl get deployments.apps redis 

=> redis인 deployment의 상태를 확인

NAME    READY   UP-TO-DATE   AVAILABLE   AGE
redis   1/1     1            1           4m51s

 

 

 

예제3)

Create a deployment named webapp 
using the image kodekloud/webapp-color with 3 replicas.

Try to use imperative commands only. Do not create definition files.


Name: webapp

Image: kodekloud/webapp-color

Replicas: 3

 

$ kubectl create deployment --image=kodekloud/webapp-color webapp --replicas=3

 

저작자표시

'k8s > Kubernates' 카테고리의 다른 글

[k8s] imperative command  (0) 2023.11.09
kubernetes 커맨드 shortcuts  (0) 2023.11.09
[CKAD] rewrite-target 옵션  (0) 2023.11.02
[CKAD/Lab] - namespace  (0) 2023.09.24
[k8s] 필수 명령어  (0) 2023.09.18

[CKAD/Lab] - namespace

2023. 9. 24. 13:07
 

namespace

 

 예제 1)

Create a POD in the finance namespace.

Use the spec given below.


Name: redis
Image name: redis

 

$ kubectl get pods --namespace=finance 

$ kubectl get pods -n=finance

=> 네임스페이스 finance 내의 pod를 확인하는 커맨드 

 

$ kubectl run redis --image=redis --namespace=finance

=> 네임스페이스 finance 내에 redis 라는 이름으로 redis를 생성하는 커맨드

 

 

 

예제 2) 

Access the Blue web application using the link above your terminal!!


From the UI you can ping other services

 

 

$ kubectl get ns 

=> 네임스페이스 확인하기

 

$ kubectl get pods --all-namespaces

$ kubectl get pods -A

=> 네임스페이스 내의 모든 파드를 확인하기

kubectl get pods --all-namespaces
NAMESPACE     NAME                               READY   STATUS             RESTARTS   AGE
default       myapp-pod                          1/1     Running            0          10d
kube-system   coredns-5d78c9869d-smgl9           1/1     Running            0          10d
kube-system   etcd-minikube                      1/1     Running            0          10d
kube-system   kube-apiserver-minikube            1/1     Running            0          10d
kube-system   kube-controller-manager-minikube   1/1     Running            0          10d
kube-system   kube-proxy-wl26h                   1/1     Running            0          10d
kube-system   kube-scheduler-minikube            1/1     Running            0          10d
kube-system   storage-provisioner                1/1     Running            0          10d
prod          nginx                              1/1     Running            0          76m
prod          nginx-77b4fdf86c-4svbg             0/1     ImagePullBackOff   0          64m
prod          nginx-77b4fdf86c-8hmkd             0/1     ImagePullBackOff   0          64m
prod          nginx-77b4fdf86c-ffggl             0/1     ImagePullBackOff   0          64m
prod          nginx-77b4fdf86c-k4hsn             0/1     ErrImagePull       0          64m
prod          nginx-pod                          1/1     Running            0          84m
prod          redis                              0/1     ImagePullBackOff   0          58m

 

$ kubectl get pods --namespace

=> 네임스페이스 내에 존재하는 pod를 확인하기 

 

$ kubectl get pods --namespace=marketing blue -o wide

-> 네임스페이스 marketing에 존재하는 pod를 확인하고, blue 파드의 상세정보를 확인하기

NAME   READY   STATUS    RESTARTS   AGE   IP           NODE           NOMINATED NODE   READINESS GATES
blue   1/1     Running   0          21m   10.42.0.15   controlplane   <none>           <none>

=> IP를 확인하고 ping 테스트를 한다.

 

 

 

 

예제3)

What DNS name should the Blue application use to access the database db-service in its own namespace - marketing?


You can try it in the web application UI. Use port 6379.

$ kubectl get svc -n=marketing

NAME           TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
blue-service   NodePort   10.43.134.31    <none>        8080:30082/TCP   2m35s
db-service     NodePort   10.43.233.164   <none>        6379:31313/TCP   2m35s

db-service

 

 

 

예제4)

What DNS name should the Blue application use to access the database db-service in the dev namespace?


You can try it in the web application UI. Use port 6379.

저작자표시

'k8s > Kubernates' 카테고리의 다른 글

[k8s] imperative command  (0) 2023.11.09
kubernetes 커맨드 shortcuts  (0) 2023.11.09
[CKAD] rewrite-target 옵션  (0) 2023.11.02
[CKAD/Lab] Imperative commands  (0) 2023.09.25
[k8s] 필수 명령어  (0) 2023.09.18

[k8s] 필수 명령어

2023. 9. 18. 22:15

--dry-run: 리소스 즉시 생성 

--dry-run=client: 커맨드 테스트 -> 리소스가 생성되지 않음.

-o yaml: 리소스 정의를 YAML 파일 형식으로 생성해준다.

 

 

$ kubectl run nginx --image=nginx --dry-run=client -o yaml > nginx-pod.yaml

=> 리다이렉션으로 nginx-pod.yaml 파일을 생성할 수 있고, 해당 파일을 수정 및 리소스를 추가하여 업데이트 할 수 있다.

 

 

예제:

# POD


Create an NGINX Pod

$ kubectl run nginx --image=nginx



Generate POD Manifest YAML file (-o yaml). Don't create it(--dry-run)

$ kubectl run nginx --image=nginx --dry-run=client -o yaml



# Deployment

Create a deployment

$ kubectl create deployment --image=nginx nginx



Generate Deployment YAML file (-o yaml). Don't create it(--dry-run)

$ kubectl create deployment --image=nginx nginx --dry-run=client -o yaml



Generate Deployment with 4 Replicas

$ kubectl create deployment --image=nginx nginx --replicas=4

=

$ kubectl scale deployment nginx --replicas=4



Another way to do this is to save the YAML definition to a file and modify

$ kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml

=> 이렇게 yaml 파일을 리다이렉션으로 생성하게되면 create를 하기 전에 replicas 다른 리소스 필드를 수정 있다.



# Service

Create a Service named redis-service of type ClusterIP to expose pod redis on port 6379

$ kubectl expose pod redis --port=6379 --name=redis-service --dry-run=client -o yaml

=> pod의 라벨을 자동으로 사용한다.



or



$ kubectl create service clusterip redis --tcp=6379:6379 --dry-run=client -o yaml

=> => pod의 라벨을 자동으로 사용하지 않는다. 대신에 selector를 app=redis로 인식한다.



Create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes:

$ kubectl expose pod nginx --port=80 --name=nginx-service --type=NodePort --dry-run=client -o yaml

=> pod의 라벨을 자동으로 사용한다.

or

$ kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run=client -o yaml

 

 

 

참고자료 

https://kubernetes.io/docs/reference/kubectl/

 

Command line tool (kubectl)

Production-Grade Container Orchestration

kubernetes.io

 

저작자표시

'k8s > Kubernates' 카테고리의 다른 글

[k8s] imperative command  (0) 2023.11.09
kubernetes 커맨드 shortcuts  (0) 2023.11.09
[CKAD] rewrite-target 옵션  (0) 2023.11.02
[CKAD/Lab] Imperative commands  (0) 2023.09.25
[CKAD/Lab] - namespace  (0) 2023.09.24

+ Recent posts

티스토리툴바