ためすう

VolumeのemptyDirと、downwardAPIを使ってみる (kubernetes)

2021-01-23

やったこと

VolumeのemptyDirを使ってみます

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

emptyDir を使ってみる

emptydir.yaml

apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      volumeMounts:
        - mountPath: /cache
          name: cache-volume
  volumes:
    - name: cache-volume
      emptyDir:
        sizeLimit: 150Mi
$ k apply -f emptydir.yaml
pod/sample-pod created

$ k exec -it sample-pod -- df -h | grep cache
/dev/vda1        59G   33G   24G  59% /cache

cacheディレクトリに割り当てられることを確認できました。

downwardAPI を使ってみる

Pod と コンテナの情報をファイルを通して、取得します。

downward-api.yaml

apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      volumeMounts:
        - mountPath: /hoge
          name: downward-api-volume
  volumes:
    - name: downward-api-volume
      downwardAPI:
        items:
          - path: "podname"
            fieldRef:
              fieldPath: metadata.name
$ k apply -f downward-api.yaml
pod/sample-pod created
$ k exec -it sample-pod -- ls /hoge
podname
$ k exec -it sample-pod -- cat /hoge/podname
sample-pod

参考

Istioを使ってみる (kubernetes)

2021-01-17

Istio を使ってみます。

Download

$ curl -L https://istio.io/downloadIstio | sh -

Install

$ cd istio-1.8.1
$ ./bin/istioctl version
no running Istio pods in "istio-system"
1.8.1
$ ./bin/istioctl install --set profile=demo -y
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete

$ k label namespace default istio-injection=enabled
namespace/default labeled

$ k get namespace -L istio-injection
NAME              STATUS   AGE     ISTIO-INJECTION
default           Active   50d     enabled
ingress-nginx     Active   5d18h
istio-system      Active   4m11s   disabled
kube-node-lease   Active   50d
kube-public       Active   50d
kube-system       Active   50d
sample3.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment-first
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sample3
  template:
    metadata:
      labels:
        app: sample3
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.17
$ k apply -f sample3.yaml
deployment.apps/my-deployment-first created
$ k get pods
NAME                                   READY   STATUS    RESTARTS   AGE
my-deployment-first-5b8875c9cb-kstnh   2/2     Running   0          69s
my-deployment-first-5b8875c9cb-vg7hk   2/2     Running   0          69s

1回ここで一区切りして、次はチュートリアルのサンプルアプリケーションをデプロイします。

Deploy

$ k apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
$ k apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "VirtualService" in version "networking.istio.io/v1alpha3"

Pod の状態確認

$ k get pod
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-79c697d759-5lvpj       2/2     Running   0          5m36s
productpage-v1-65576bb7bf-vtwxt   2/2     Running   0          5m35s
ratings-v1-7d99676f7f-gf7cz       2/2     Running   0          5m35s
reviews-v1-987d495c-s9mrq         2/2     Running   0          5m36s
reviews-v2-6c5bf657cf-j5cbg       2/2     Running   0          5m36s
reviews-v3-5f7b9f4f77-pdvdf       2/2     Running   0          5m36s
$ ./bin/istioctl analyze

✔ No validation issues found when analyzing namespace: default.

ブラウザからアクセスする

$ kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
80

Docker for Desktop を使っている場合

下記にアクセスすると、ページが見れると思います。

http://localhost/productpage

参考

ingress-nginx を使ってみる (kubernetes)

2021-01-16

やったこと

ingress-nginx を使ってみます。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

Ingressはクラスター外からクラスター内ServiceへのHTTPとHTTPSのルートを公開します。トラフィックのルーティングはIngressリソース上で定義されるルールによって制御されます。

インストール

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.42.0/deploy/static/provider/cloud/deploy.yaml

バージョン確認

$ POD_NAMESPACE=ingress-nginx
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
$
$ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v0.42.0
  Build:         e98e48d99abd6e65b761a66ed3a6a093f1ed16ec
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.19.6

-------------------------------------------------------------------------------

マニフェストの適用

sample6.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: my-ingress
spec:
  type: NodePort
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
  selector:
    ingress-app: sample6
---
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
  labels:
    ingress-app: sample6
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
---
apiVersion: v1
kind: Service
metadata:
  name: my-ingress-default
spec:
  type: NodePort
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
  selector:
    ingress-app: default
---
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod-default
  labels:
    ingress-app: default
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17

first-nginx-ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: first-nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: localhost
    http:
      paths:
      - path: /hoge
        backend:
          serviceName: my-ingress
          servicePort: 8080
  backend:
    serviceName: my-ingress-default
    servicePort: 8080
$ k apply -f sample6.yaml -f first-nginx-ingress.yaml
service/my-ingress created
pod/sample-pod created
service/my-ingress-default created
pod/sample-pod-default created
ingress.networking.k8s.io/first-nginx-ingress created


$ k get ingresses
NAME                  CLASS    HOSTS       ADDRESS   PORTS   AGE
first-nginx-ingress   <none>   localhost             80      30s

色々なURLにアクセスしてみる

$ curl http://localhost/path1/ -H "Host: hoge.com"
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/2
$ curl http://localhost/
$ curl http://localhost/aaa
$ curl http://localhost/hoge/ -H "Host: hoge.com"

ログを確認する

$ k get pods
NAME                 READY   STATUS    RESTARTS   AGE
sample-pod           1/1     Running   0          2m56s
sample-pod-default   1/1     Running   0          2m56s

$ k logs -f sample-pod
2020/12/29 02:49:10 [error] 6#6: *1 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *2 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/2 HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *1 open() "/usr/share/nginx/html/hoge/2" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/2 HTTP/1.1", host: "localhost"

$ k logs -f sample-pod-default
2020/12/29 02:49:10 [error] 7#7: *1 "/usr/share/nginx/html/path1/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /path1/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /path1/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:11 [error] 7#7: *3 open() "/usr/share/nginx/html/aaa" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /aaa HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:11 +0000] "GET /aaa HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:50:02 [error] 7#7: *4 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:50:02 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"

おまけ

ingress controller のログを見る

$ k get pods -n ingress-nginx
NAME                                       READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-g48fl       0/1     Completed   0          6d11h
ingress-nginx-admission-patch-trndr        0/1     Completed   0          6d11h
ingress-nginx-controller-bb47df656-w77cx   1/1     Running     0          91m
$ k logs -n ingress-nginx ingress-nginx-controller-bb47df656-w77cx

参考

Secret を使ってみる (kubernetes)

2021-01-11

やったこと

今回は env ファイルから Secret を作成します。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

Secret を作成しておく

sample.env

AAA=123
BBB=456
CCC=abc
$ k create secret generic --save-config first-secret --from-env-file ./sample.env
secret/first-secret created
$ k get secrets
NAME                  TYPE                                  DATA   AGE
default-token-m6ts6   kubernetes.io/service-account-token   3      49d
first-secret          Opaque                                3      101s

Pod に Secret を環境変数で渡す

sample2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: first-secret
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      envFrom:
        - secretRef:
            name: first-secret

コンテナ内では環境変数を読むことができます。

$ k apply -f sample2.yaml
pod/first-secret created

※ 出力結果は抜粋
$ k exec -it first-secret -- env
AAA=123
BBB=456
CCC=abc

k get コマンドから確認すると、Base64 で値が保存されています。

$ k get secret first-secret -o jsonpath="{.data}"
map[AAA:MTIz BBB:NDU2 CCC:YWJj]

参考

kubesec を使ってみる (kubernetes)

2021-01-03

やったこと

Secret リソースを暗号化するため、kubesec を使ってみます。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

インストール

kubesec のインストール

$ curl -sSL https://github.com/shyiko/kubesec/releases/download/0.9.2/kubesec-0.9.2-darwin-amd64 \
>   -o kubesec && chmod a+x kubesec && sudo mv kubesec /usr/local/bin/
Password:
$ kubesec --version
0.9.2

gpg のインストール

$ brew install gpg
$ gpg --version
gpg (GnuPG) 2.2.25
libgcrypt 1.8.7
(省略)

暗号化

secret-hoge.yaml

apiVersion: v1
kind: Secret
metadata:
  name: first-kubesec
type: Opaque
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj
$ gpg --gen-key
pub   rsa3072 2020-12-27 [SC] [有効期限: 2022-12-27]
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

※ 鍵はxに変換してあります。

標準出力
$ kubesec encrypt --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml

ファイル書き換え
$ kubesec encrypt -i --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml

※ 出力結果は省略します。

復号化

$ kubesec decrypt secret-hoge.yaml
apiVersion: v1
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj
kind: Secret
metadata:
  name: first-kubesec
type: Opaque

参考

ServiceのClusterIPを使ってみる (kubernetes)

2021-01-03

やったこと

Service の ClusterIP を使ってみます。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

first-cluster-ip.yaml

apiVersion: v1
kind: Service
metadata:
  name: my-cluster-ip
spec:
  type: ClusterIP
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
  selector:
    app: sample5

sample5.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sample5
  template:
    metadata:
      labels:
        app: sample5
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.17
$ k apply -f sample5.yaml -f first-cluster-ip.yaml
deployment.apps/my-deployment created
service/my-cluster-ip created

$ k get pods -o wide
NAME                             READY   STATUS    RESTARTS   AGE   IP           NODE             NOMINATED NODE   READINESS GATES
my-deployment-5f9fb9cfc8-69w6v   1/1     Running   0          24s   10.1.0.221   docker-desktop   <none>           <none>
my-deployment-5f9fb9cfc8-c25mg   1/1     Running   0          24s   10.1.0.223   docker-desktop   <none>           <none>
my-deployment-5f9fb9cfc8-m5qnk   1/1     Running   0          24s   10.1.0.222   docker-desktop   <none>           <none>

$ k get service my-cluster-ip
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
my-cluster-ip   ClusterIP   10.109.253.129   <none>        8080/TCP   6m32s

※ 同じクラスタ内のコンテナからアクセス

$ curl -v http://10.109.253.129:8080

何回かアクセスを繰り返すと、アクセスが振り分けられていることが分かります。

$ k logs -f my-deployment-5f9fb9cfc8-69w6v
10.1.0.1 - - [28/Dec/2020:16:10:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:04 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"

$ k logs -f my-deployment-5f9fb9cfc8-c25mg
10.1.0.1 - - [28/Dec/2020:16:04:48 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:10:27 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:11:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:06 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"

$ k logs -f my-deployment-5f9fb9cfc8-m5qnk
10.1.0.1 - - [28/Dec/2020:16:04:38 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"

参考

ConfigMap を使ってみる (kubernetes)

2021-01-02

やったこと

ConfigMap を使ってみます。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

今回は Volume マウントを使って情報を渡します。

ConfigMap の作成

hoge.yaml

 aaa:
   bbb: 999
 ccc:
   ddd: 888
$ k create configmap --save-config my-configmap --from-file=hoge.yaml
configmap/my-configmap created
$ k get cm
NAME           DATA   AGE
my-configmap   1      32s

Pod に Volume マウントしてファイルを渡す

sample3.yaml

apiVersion: v1
kind: Pod
metadata:
  name: first-configmap
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      volumeMounts:
      - name: my-tmp-volume
        mountPath: /tmp
  volumes:
  - name: my-tmp-volume
    configMap:
      name: my-configmap
      items:
      - key: hoge.yaml
        path: hoge_new.yaml
$ k apply -f sample3.yaml
pod/first-configmap created
$ k get pod
NAME              READY   STATUS    RESTARTS   AGE
first-configmap   1/1     Running   0          5s

コンテナからファイルを読み込む。

$ k exec -it first-configmap -- cat /tmp/hoge_new.yaml
aaa:
  bbb: 999
ccc:
  ddd: 888

環境変数を使ってみる (kubernetes)

2021-01-01

やったこと

環境変数をコンテナに渡してみます。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

sample.yaml

apiVersion: v1
kind: Pod
metadata:
  name: first-env
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      env:
      - name: MY_GREETING
        value: "Warm greetings to"
      - name: MY_MEM_REQUEST
        valueFrom:
          resourceFieldRef:
            containerName: nginx-container
            resource: requests.memory

マニフェストの適用 + 環境変数の確認

$ k apply -f sample.yaml
pod/first-env created
$ k exec -it first-env -- env | grep "MY_"
MY_GREETING=Warm greetings to
MY_MEM_REQUEST=0

参考

Job を使ってみる (kubernetes)

2021-01-01

やったこと

Job を使ってみます。

確認環境

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

調査

job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(20)"]
      restartPolicy: Never
  backoffLimit: 4
  parallelism: 3
  completions: 10
$ k apply -f job.yaml
job.batch/pi created
$ k get pods --watch
NAME       READY   STATUS              RESTARTS   AGE
pi-7x8sv   0/1     ContainerCreating   0          6s
pi-k6mxv   0/1     ContainerCreating   0          6s
pi-tg6cx   0/1     ContainerCreating   0          6s
pi-7x8sv   0/1     Completed           0          108s
pi-8gbgj   0/1     Pending             0          0s
pi-8gbgj   0/1     Pending             0          0s
pi-8gbgj   0/1     ContainerCreating   0          0s
pi-k6mxv   0/1     Completed           0          110s
pi-dtbll   0/1     Pending             0          0s
pi-dtbll   0/1     Pending             0          0s
pi-dtbll   0/1     ContainerCreating   0          0s
pi-tg6cx   0/1     Completed           0          119s
pi-cl6fx   0/1     Pending             0          0s
pi-cl6fx   0/1     Pending             0          0s
pi-cl6fx   0/1     ContainerCreating   0          0s
pi-8gbgj   0/1     Completed           0          17s
... (省略)

Job 終了後の結果

$ k get jobs
NAME   COMPLETIONS   DURATION   AGE
pi     10/10         2m34s      11m

参考

tcpdump を使ってみる (Unix)

2020-12-31

やったこと

man tcpdump より抜粋

tcpdump - dump traffic on a network

調査

前準備

詳細手順は省きます。webサーバーを用意します。

Webブラウザから何度かアクセス

# tcpdump port 80 -n -s 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes


10:40:39.662780 IP 172.26.0.1.35166 > 172.26.0.2.80: Flags [P.], seq 3330495538:3330495993, ack 2594564324, win 501, options [nop,nop,TS val 1108626414 ecr 3836588442], length 455: HTTP: GET / HTTP/1.1
10:40:39.663229 IP 172.26.0.2.80 > 172.26.0.1.35166: Flags [P.], seq 1:181, ack 455, win 501, options [nop,nop,TS val 3836620070 ecr 1108626414], length 180: HTTP: HTTP/1.1 304 Not Modified
10:40:39.663375 IP 172.26.0.1.35166 > 172.26.0.2.80: Flags [.], ack 181, win 501, options [nop,nop,TS val 1108626415 ecr 3836620070], length 0

pcap に書き出して、 Wireshark でみる

# tcpdump port 80 -n -s 0 -w hoge.pcap

hoge.pcap を TCPストリームで確認した例

GET / HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:83.0) Gecko/20100101 Firefox/83.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: ja,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Tue, 15 Dec 2020 13:59:38 GMT
If-None-Match: "11111111-264"
Cache-Control: max-age=0

HTTP/1.1 304 Not Modified
Server: nginx/1.19.6
Date: Tue, 29 Dec 2020 10:49:14 GMT
Last-Modified: Tue, 15 Dec 2020 13:59:38 GMT
Connection: keep-alive
If-None-Match: "11111111-264"

おまけ

利用したオプション

       -n     Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
       -w file
              Write the raw packets to file rather than parsing and printing them out.  They can later be printed with the -r option.  Standard output is used if file is ``-''.
       -s snaplen