ためすう
NodePortのClusterIPを使ってみる (kubernetes)
2021-02-01やったこと
Service の NodePort を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
sample5.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 3
selector:
matchLabels:
app: sample5
template:
metadata:
labels:
app: sample5
spec:
containers:
- name: nginx-container
image: nginx:1.17
first-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: my-nodeport
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
nodePort: 30000
selector:
app: sample5
$ k apply -f sample5.yaml -f first-nodeport.yaml
deployment.apps/my-deployment created
service/my-nodeport created
$ k get service my-nodeport
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-nodeport NodePort 10.105.91.123 <none> 8080:30000/TCP 38s
$ k get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-deployment-5f9fb9cfc8-5626r 1/1 Running 0 5m4s 10.1.0.231 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-67bmc 1/1 Running 0 5m5s 10.1.0.230 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-72m6v 1/1 Running 0 5m4s 10.1.0.232 docker-desktop <none> <none>
ホストOSから実行します。
$ curl localhost:30000
何回かアクセスを繰り返すと、アクセスが振り分けられていることが分かります。
$ k logs -f my-deployment-5f9fb9cfc8-5626r
192.168.65.3 - - [28/Dec/2020:16:35:55 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:57 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:36:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
^C
himejima-no-MacBook-Pro:k8s himejima$ k logs -f my-deployment-5f9fb9cfc8-67bmc
192.168.65.3 - - [28/Dec/2020:16:35:59 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:36:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
^C
himejima-no-MacBook-Pro:k8s himejima$ k logs -f my-deployment-5f9fb9cfc8-72m6v
192.168.65.3 - - [28/Dec/2020:16:35:49 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:58 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
参考
SealedSecret を使ってみる (kubernetes)
2021-01-24やったこと
SealedSecret を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
インストール
$ brew install kubeseal
$ kubeseal --version
kubeseal version: v0.13.1
SealedSecret をインストール
$ k apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.12.5/controller.yaml
$ k get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key
NAME TYPE DATA AGE
sealed-secrets-key9d899 kubernetes.io/tls 2 5m8s
SealsedSecret リソースを作成する
secret-hoge2.yaml
apiVersion: v1
kind: Secret
metadata:
name: first-sealed-secret
type: Opaque
data:
AAA: MTIz
BBB: NDU2
CCC: YWJj
$ kubeseal -o yaml < secret-hoge2.yaml > sealed-secret-hoge2.yaml
確認
$ k get sealedsecret/first-sealed-secret secret/first-sealed-secret
NAME AGE
sealedsecret.bitnami.com/first-sealed-secret 3m35s
NAME TYPE DATA AGE
secret/first-sealed-secret Opaque 3 3m35s
Pod を起動して読み込む
sample-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
envFrom:
- secretRef:
name: first-sealed-secret
$ k apply -f sample-pod.yaml
pod/sample-pod created
$ k exec -it sample-pod -- env
(省略)
AAA=123
BBB=456
CCC=abc
(省略)
環境変数が読み込めています。
やったこと
VolumeのemptyDirを使ってみます
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
emptyDir を使ってみる
emptydir.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir:
sizeLimit: 150Mi
$ k apply -f emptydir.yaml
pod/sample-pod created
$ k exec -it sample-pod -- df -h | grep cache
/dev/vda1 59G 33G 24G 59% /cache
cacheディレクトリに割り当てられることを確認できました。
downwardAPI を使ってみる
Pod と コンテナの情報をファイルを通して、取得します。
downward-api.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- mountPath: /hoge
name: downward-api-volume
volumes:
- name: downward-api-volume
downwardAPI:
items:
- path: "podname"
fieldRef:
fieldPath: metadata.name
$ k apply -f downward-api.yaml
pod/sample-pod created
$ k exec -it sample-pod -- ls /hoge
podname
$ k exec -it sample-pod -- cat /hoge/podname
sample-pod
参考
Istioを使ってみる (kubernetes)
2021-01-17Istio を使ってみます。
Download
$ curl -L https://istio.io/downloadIstio | sh -
Install
$ cd istio-1.8.1
$ ./bin/istioctl version
no running Istio pods in "istio-system"
1.8.1
$ ./bin/istioctl install --set profile=demo -y
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
$ k label namespace default istio-injection=enabled
namespace/default labeled
$ k get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 50d enabled
ingress-nginx Active 5d18h
istio-system Active 4m11s disabled
kube-node-lease Active 50d
kube-public Active 50d
kube-system Active 50d
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment-first
spec:
replicas: 2
selector:
matchLabels:
app: sample3
template:
metadata:
labels:
app: sample3
spec:
containers:
- name: nginx-container
image: nginx:1.17
$ k apply -f sample3.yaml
deployment.apps/my-deployment-first created
$ k get pods
NAME READY STATUS RESTARTS AGE
my-deployment-first-5b8875c9cb-kstnh 2/2 Running 0 69s
my-deployment-first-5b8875c9cb-vg7hk 2/2 Running 0 69s
1回ここで一区切りして、次はチュートリアルのサンプルアプリケーションをデプロイします。
Deploy
$ k apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
$ k apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "VirtualService" in version "networking.istio.io/v1alpha3"
Pod の状態確認
$ k get pod
NAME READY STATUS RESTARTS AGE
details-v1-79c697d759-5lvpj 2/2 Running 0 5m36s
productpage-v1-65576bb7bf-vtwxt 2/2 Running 0 5m35s
ratings-v1-7d99676f7f-gf7cz 2/2 Running 0 5m35s
reviews-v1-987d495c-s9mrq 2/2 Running 0 5m36s
reviews-v2-6c5bf657cf-j5cbg 2/2 Running 0 5m36s
reviews-v3-5f7b9f4f77-pdvdf 2/2 Running 0 5m36s
$ ./bin/istioctl analyze
✔ No validation issues found when analyzing namespace: default.
ブラウザからアクセスする
$ kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
80
Docker for Desktop を使っている場合
下記にアクセスすると、ページが見れると思います。
http://localhost/productpage
参考
ingress-nginx を使ってみる (kubernetes)
2021-01-16やったこと
ingress-nginx を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
Ingressはクラスター外からクラスター内ServiceへのHTTPとHTTPSのルートを公開します。トラフィックのルーティングはIngressリソース上で定義されるルールによって制御されます。
インストール
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.42.0/deploy/static/provider/cloud/deploy.yaml
バージョン確認
$ POD_NAMESPACE=ingress-nginx
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
$
$ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v0.42.0
Build: e98e48d99abd6e65b761a66ed3a6a093f1ed16ec
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.6
-------------------------------------------------------------------------------
マニフェストの適用
sample6.yaml
---
apiVersion: v1
kind: Service
metadata:
name: my-ingress
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
ingress-app: sample6
---
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
labels:
ingress-app: sample6
spec:
containers:
- name: nginx-container
image: nginx:1.17
---
apiVersion: v1
kind: Service
metadata:
name: my-ingress-default
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
ingress-app: default
---
apiVersion: v1
kind: Pod
metadata:
name: sample-pod-default
labels:
ingress-app: default
spec:
containers:
- name: nginx-container
image: nginx:1.17
first-nginx-ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: first-nginx-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: localhost
http:
paths:
- path: /hoge
backend:
serviceName: my-ingress
servicePort: 8080
backend:
serviceName: my-ingress-default
servicePort: 8080
$ k apply -f sample6.yaml -f first-nginx-ingress.yaml
service/my-ingress created
pod/sample-pod created
service/my-ingress-default created
pod/sample-pod-default created
ingress.networking.k8s.io/first-nginx-ingress created
$ k get ingresses
NAME CLASS HOSTS ADDRESS PORTS AGE
first-nginx-ingress <none> localhost 80 30s
色々なURLにアクセスしてみる
$ curl http://localhost/path1/ -H "Host: hoge.com"
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/2
$ curl http://localhost/
$ curl http://localhost/aaa
$ curl http://localhost/hoge/ -H "Host: hoge.com"
ログを確認する
$ k get pods
NAME READY STATUS RESTARTS AGE
sample-pod 1/1 Running 0 2m56s
sample-pod-default 1/1 Running 0 2m56s
$ k logs -f sample-pod
2020/12/29 02:49:10 [error] 6#6: *1 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *2 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/2 HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *1 open() "/usr/share/nginx/html/hoge/2" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/2 HTTP/1.1", host: "localhost"
$ k logs -f sample-pod-default
2020/12/29 02:49:10 [error] 7#7: *1 "/usr/share/nginx/html/path1/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /path1/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /path1/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:11 [error] 7#7: *3 open() "/usr/share/nginx/html/aaa" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /aaa HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:11 +0000] "GET /aaa HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:50:02 [error] 7#7: *4 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:50:02 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
おまけ
ingress controller のログを見る
$ k get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-g48fl 0/1 Completed 0 6d11h
ingress-nginx-admission-patch-trndr 0/1 Completed 0 6d11h
ingress-nginx-controller-bb47df656-w77cx 1/1 Running 0 91m
$ k logs -n ingress-nginx ingress-nginx-controller-bb47df656-w77cx
参考
Secret を使ってみる (kubernetes)
2021-01-11やったこと
今回は env ファイルから Secret を作成します。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
Secret を作成しておく
sample.env
AAA=123
BBB=456
CCC=abc
$ k create secret generic --save-config first-secret --from-env-file ./sample.env
secret/first-secret created
$ k get secrets
NAME TYPE DATA AGE
default-token-m6ts6 kubernetes.io/service-account-token 3 49d
first-secret Opaque 3 101s
Pod に Secret を環境変数で渡す
sample2.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-secret
spec:
containers:
- name: nginx-container
image: nginx:1.17
envFrom:
- secretRef:
name: first-secret
コンテナ内では環境変数を読むことができます。
$ k apply -f sample2.yaml
pod/first-secret created
※ 出力結果は抜粋
$ k exec -it first-secret -- env
AAA=123
BBB=456
CCC=abc
k get
コマンドから確認すると、Base64 で値が保存されています。
$ k get secret first-secret -o jsonpath="{.data}"
map[AAA:MTIz BBB:NDU2 CCC:YWJj]
参考
kubesec を使ってみる (kubernetes)
2021-01-03やったこと
Secret リソースを暗号化するため、kubesec を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
インストール
kubesec のインストール
$ curl -sSL https://github.com/shyiko/kubesec/releases/download/0.9.2/kubesec-0.9.2-darwin-amd64 \
> -o kubesec && chmod a+x kubesec && sudo mv kubesec /usr/local/bin/
Password:
$ kubesec --version
0.9.2
gpg のインストール
$ brew install gpg
$ gpg --version
gpg (GnuPG) 2.2.25
libgcrypt 1.8.7
(省略)
暗号化
secret-hoge.yaml
apiVersion: v1
kind: Secret
metadata:
name: first-kubesec
type: Opaque
data:
AAA: MTIz
BBB: NDU2
CCC: YWJj
$ gpg --gen-key
pub rsa3072 2020-12-27 [SC] [有効期限: 2022-12-27]
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
※ 鍵はxに変換してあります。
標準出力
$ kubesec encrypt --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml
ファイル書き換え
$ kubesec encrypt -i --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml
※ 出力結果は省略します。
復号化
$ kubesec decrypt secret-hoge.yaml
apiVersion: v1
data:
AAA: MTIz
BBB: NDU2
CCC: YWJj
kind: Secret
metadata:
name: first-kubesec
type: Opaque
参考
ServiceのClusterIPを使ってみる (kubernetes)
2021-01-03やったこと
Service の ClusterIP を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
first-cluster-ip.yaml
apiVersion: v1
kind: Service
metadata:
name: my-cluster-ip
spec:
type: ClusterIP
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
app: sample5
sample5.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 3
selector:
matchLabels:
app: sample5
template:
metadata:
labels:
app: sample5
spec:
containers:
- name: nginx-container
image: nginx:1.17
$ k apply -f sample5.yaml -f first-cluster-ip.yaml
deployment.apps/my-deployment created
service/my-cluster-ip created
$ k get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-deployment-5f9fb9cfc8-69w6v 1/1 Running 0 24s 10.1.0.221 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-c25mg 1/1 Running 0 24s 10.1.0.223 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-m5qnk 1/1 Running 0 24s 10.1.0.222 docker-desktop <none> <none>
$ k get service my-cluster-ip
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-cluster-ip ClusterIP 10.109.253.129 <none> 8080/TCP 6m32s
※ 同じクラスタ内のコンテナからアクセス
$ curl -v http://10.109.253.129:8080
何回かアクセスを繰り返すと、アクセスが振り分けられていることが分かります。
$ k logs -f my-deployment-5f9fb9cfc8-69w6v
10.1.0.1 - - [28/Dec/2020:16:10:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:04 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
$ k logs -f my-deployment-5f9fb9cfc8-c25mg
10.1.0.1 - - [28/Dec/2020:16:04:48 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:10:27 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:11:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:06 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
$ k logs -f my-deployment-5f9fb9cfc8-m5qnk
10.1.0.1 - - [28/Dec/2020:16:04:38 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
参考
ConfigMap を使ってみる (kubernetes)
2021-01-02やったこと
ConfigMap を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
今回は Volume マウントを使って情報を渡します。
ConfigMap の作成
hoge.yaml
aaa:
bbb: 999
ccc:
ddd: 888
$ k create configmap --save-config my-configmap --from-file=hoge.yaml
configmap/my-configmap created
$ k get cm
NAME DATA AGE
my-configmap 1 32s
Pod に Volume マウントしてファイルを渡す
sample3.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-configmap
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- name: my-tmp-volume
mountPath: /tmp
volumes:
- name: my-tmp-volume
configMap:
name: my-configmap
items:
- key: hoge.yaml
path: hoge_new.yaml
$ k apply -f sample3.yaml
pod/first-configmap created
$ k get pod
NAME READY STATUS RESTARTS AGE
first-configmap 1/1 Running 0 5s
コンテナからファイルを読み込む。
$ k exec -it first-configmap -- cat /tmp/hoge_new.yaml
aaa:
bbb: 999
ccc:
ddd: 888
環境変数を使ってみる (kubernetes)
2021-01-01やったこと
環境変数をコンテナに渡してみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
調査
sample.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-env
spec:
containers:
- name: nginx-container
image: nginx:1.17
env:
- name: MY_GREETING
value: "Warm greetings to"
- name: MY_MEM_REQUEST
valueFrom:
resourceFieldRef:
containerName: nginx-container
resource: requests.memory
マニフェストの適用 + 環境変数の確認
$ k apply -f sample.yaml
pod/first-env created
$ k exec -it first-env -- env | grep "MY_"
MY_GREETING=Warm greetings to
MY_MEM_REQUEST=0