ためすう
private_constant を使ってみる (Ruby)
2021-05-08確認環境
$ bundle exec ruby --version
ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-darwin17]調査
a.rb
module Hoge
class A
def display
p 'display'
end
end
class B
def display
A.new.display
end
end
private_constant :A
end
p 'Hoge::B'
Hoge::B.new.display
p '----'
p 'Hoge::A'
# 例外発生
Hoge::A.new出力結果
$ ruby a.rb
"Hoge::B"
"display"
"----"
"Hoge::A"
Traceback (most recent call last):
a.rb:21:in `<main>': private constant Hoge::A referenced (NameError)参考
map を使ってみる (Python)
2021-05-01確認環境
$ python --version
Python 3.6.2 :: Anaconda custom (64-bit)調査
test.py
a = ['1', '2', '3']
print(type(a[0]))
a[0] = int(a[0])
print(type(a[0]))
print('---')
b = ['4', '5']
c = map(int, b)
print(c)
c = list(c)
print(c)出力結果
$ python test.py
<class 'str'>
<class 'int'>
---
<map object at 0x102790780>
[4, 5]参考
str.splitを使ってみる (Python)
2021-04-25確認環境
$ python --version
Python 3.6.2 :: Anaconda custom (64-bit)調査
test.py
n = input().split()
print(n)
print(type(n))
print("---")
a = "a b c"
b = a.split()
print(b)
print(type(b))出力結果
$ python test.py
1 2 3
['1', '2', '3']
<class 'list'>
---
['a', 'b', 'c']
<class 'list'>参考
input() を使ってみる (Python)
2021-04-24やったこと
input() を使ってみます。
確認環境
$ python --version
Python 3.6.2 :: Anaconda custom (64-bit)調査
test.py
n = input()
print(n)
print(type(n))出力結果
$ python test.py
3 4 5
3 4 5
<class 'str'>参考
NodePortのClusterIPを使ってみる (kubernetes)
2021-02-01やったこと
Service の NodePort を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
sample5.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 3
selector:
matchLabels:
app: sample5
template:
metadata:
labels:
app: sample5
spec:
containers:
- name: nginx-container
image: nginx:1.17first-nodeport.yaml
apiVersion: v1
kind: Service
metadata:
name: my-nodeport
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
nodePort: 30000
selector:
app: sample5$ k apply -f sample5.yaml -f first-nodeport.yaml
deployment.apps/my-deployment created
service/my-nodeport created
$ k get service my-nodeport
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-nodeport NodePort 10.105.91.123 <none> 8080:30000/TCP 38s
$ k get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-deployment-5f9fb9cfc8-5626r 1/1 Running 0 5m4s 10.1.0.231 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-67bmc 1/1 Running 0 5m5s 10.1.0.230 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-72m6v 1/1 Running 0 5m4s 10.1.0.232 docker-desktop <none> <none>ホストOSから実行します。
$ curl localhost:30000何回かアクセスを繰り返すと、アクセスが振り分けられていることが分かります。
$ k logs -f my-deployment-5f9fb9cfc8-5626r
192.168.65.3 - - [28/Dec/2020:16:35:55 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:57 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:36:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
^C
$ k logs -f my-deployment-5f9fb9cfc8-67bmc
192.168.65.3 - - [28/Dec/2020:16:35:59 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:36:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
^C
$ k logs -f my-deployment-5f9fb9cfc8-72m6v
192.168.65.3 - - [28/Dec/2020:16:35:49 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:58 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"参考
SealedSecret を使ってみる (kubernetes)
2021-01-24やったこと
SealedSecret を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
インストール
$ brew install kubeseal
$ kubeseal --version
kubeseal version: v0.13.1SealedSecret をインストール
$ k apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.12.5/controller.yaml$ k get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key
NAME TYPE DATA AGE
sealed-secrets-key9d899 kubernetes.io/tls 2 5m8sSealsedSecret リソースを作成する
secret-hoge2.yaml
apiVersion: v1
kind: Secret
metadata:
name: first-sealed-secret
type: Opaque
data:
AAA: MTIz
BBB: NDU2
CCC: YWJj$ kubeseal -o yaml < secret-hoge2.yaml > sealed-secret-hoge2.yaml確認
$ k get sealedsecret/first-sealed-secret secret/first-sealed-secret
NAME AGE
sealedsecret.bitnami.com/first-sealed-secret 3m35s
NAME TYPE DATA AGE
secret/first-sealed-secret Opaque 3 3m35sPod を起動して読み込む
sample-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
envFrom:
- secretRef:
name: first-sealed-secret$ k apply -f sample-pod.yaml
pod/sample-pod created
$ k exec -it sample-pod -- env
(省略)
AAA=123
BBB=456
CCC=abc
(省略)環境変数が読み込めています。
やったこと
VolumeのemptyDirを使ってみます
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
emptyDir を使ってみる
emptydir.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir:
sizeLimit: 150Mi$ k apply -f emptydir.yaml
pod/sample-pod created
$ k exec -it sample-pod -- df -h | grep cache
/dev/vda1 59G 33G 24G 59% /cachecacheディレクトリに割り当てられることを確認できました。
downwardAPI を使ってみる
Pod と コンテナの情報をファイルを通して、取得します。
downward-api.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- mountPath: /hoge
name: downward-api-volume
volumes:
- name: downward-api-volume
downwardAPI:
items:
- path: "podname"
fieldRef:
fieldPath: metadata.name$ k apply -f downward-api.yaml
pod/sample-pod created
$ k exec -it sample-pod -- ls /hoge
podname
$ k exec -it sample-pod -- cat /hoge/podname
sample-pod参考
Istioを使ってみる (kubernetes)
2021-01-17Istio を使ってみます。
Download
$ curl -L https://istio.io/downloadIstio | sh -Install
$ cd istio-1.8.1
$ ./bin/istioctl version
no running Istio pods in "istio-system"
1.8.1$ ./bin/istioctl install --set profile=demo -y
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
$ k label namespace default istio-injection=enabled
namespace/default labeled$ k get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 50d enabled
ingress-nginx Active 5d18h
istio-system Active 4m11s disabled
kube-node-lease Active 50d
kube-public Active 50d
kube-system Active 50dapiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment-first
spec:
replicas: 2
selector:
matchLabels:
app: sample3
template:
metadata:
labels:
app: sample3
spec:
containers:
- name: nginx-container
image: nginx:1.17$ k apply -f sample3.yaml
deployment.apps/my-deployment-first created$ k get pods
NAME READY STATUS RESTARTS AGE
my-deployment-first-5b8875c9cb-kstnh 2/2 Running 0 69s
my-deployment-first-5b8875c9cb-vg7hk 2/2 Running 0 69s1回ここで一区切りして、次はチュートリアルのサンプルアプリケーションをデプロイします。
Deploy
$ k apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created$ k apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "VirtualService" in version "networking.istio.io/v1alpha3"Pod の状態確認
$ k get pod
NAME READY STATUS RESTARTS AGE
details-v1-79c697d759-5lvpj 2/2 Running 0 5m36s
productpage-v1-65576bb7bf-vtwxt 2/2 Running 0 5m35s
ratings-v1-7d99676f7f-gf7cz 2/2 Running 0 5m35s
reviews-v1-987d495c-s9mrq 2/2 Running 0 5m36s
reviews-v2-6c5bf657cf-j5cbg 2/2 Running 0 5m36s
reviews-v3-5f7b9f4f77-pdvdf 2/2 Running 0 5m36s$ ./bin/istioctl analyze
✔ No validation issues found when analyzing namespace: default.ブラウザからアクセスする
$ kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
80Docker for Desktop を使っている場合
下記にアクセスすると、ページが見れると思います。
http://localhost/productpage参考
ingress-nginx を使ってみる (kubernetes)
2021-01-16やったこと
ingress-nginx を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
Ingressはクラスター外からクラスター内ServiceへのHTTPとHTTPSのルートを公開します。トラフィックのルーティングはIngressリソース上で定義されるルールによって制御されます。
インストール
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.42.0/deploy/static/provider/cloud/deploy.yamlバージョン確認
$ POD_NAMESPACE=ingress-nginx
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
$
$ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v0.42.0
Build: e98e48d99abd6e65b761a66ed3a6a093f1ed16ec
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.6
-------------------------------------------------------------------------------マニフェストの適用
sample6.yaml
---
apiVersion: v1
kind: Service
metadata:
name: my-ingress
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
ingress-app: sample6
---
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
labels:
ingress-app: sample6
spec:
containers:
- name: nginx-container
image: nginx:1.17
---
apiVersion: v1
kind: Service
metadata:
name: my-ingress-default
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
ingress-app: default
---
apiVersion: v1
kind: Pod
metadata:
name: sample-pod-default
labels:
ingress-app: default
spec:
containers:
- name: nginx-container
image: nginx:1.17first-nginx-ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: first-nginx-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: localhost
http:
paths:
- path: /hoge
backend:
serviceName: my-ingress
servicePort: 8080
backend:
serviceName: my-ingress-default
servicePort: 8080$ k apply -f sample6.yaml -f first-nginx-ingress.yaml
service/my-ingress created
pod/sample-pod created
service/my-ingress-default created
pod/sample-pod-default created
ingress.networking.k8s.io/first-nginx-ingress created
$ k get ingresses
NAME CLASS HOSTS ADDRESS PORTS AGE
first-nginx-ingress <none> localhost 80 30s色々なURLにアクセスしてみる
$ curl http://localhost/path1/ -H "Host: hoge.com"
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/2
$ curl http://localhost/
$ curl http://localhost/aaa
$ curl http://localhost/hoge/ -H "Host: hoge.com"ログを確認する
$ k get pods
NAME READY STATUS RESTARTS AGE
sample-pod 1/1 Running 0 2m56s
sample-pod-default 1/1 Running 0 2m56s
$ k logs -f sample-pod
2020/12/29 02:49:10 [error] 6#6: *1 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *2 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/2 HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *1 open() "/usr/share/nginx/html/hoge/2" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/2 HTTP/1.1", host: "localhost"
$ k logs -f sample-pod-default
2020/12/29 02:49:10 [error] 7#7: *1 "/usr/share/nginx/html/path1/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /path1/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /path1/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:11 [error] 7#7: *3 open() "/usr/share/nginx/html/aaa" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /aaa HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:11 +0000] "GET /aaa HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:50:02 [error] 7#7: *4 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:50:02 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"おまけ
ingress controller のログを見る
$ k get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-g48fl 0/1 Completed 0 6d11h
ingress-nginx-admission-patch-trndr 0/1 Completed 0 6d11h
ingress-nginx-controller-bb47df656-w77cx 1/1 Running 0 91m$ k logs -n ingress-nginx ingress-nginx-controller-bb47df656-w77cx参考
Secret を使ってみる (kubernetes)
2021-01-11やったこと
今回は env ファイルから Secret を作成します。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
Secret を作成しておく
sample.env
AAA=123
BBB=456
CCC=abc$ k create secret generic --save-config first-secret --from-env-file ./sample.env
secret/first-secret created$ k get secrets
NAME TYPE DATA AGE
default-token-m6ts6 kubernetes.io/service-account-token 3 49d
first-secret Opaque 3 101sPod に Secret を環境変数で渡す
sample2.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-secret
spec:
containers:
- name: nginx-container
image: nginx:1.17
envFrom:
- secretRef:
name: first-secretコンテナ内では環境変数を読むことができます。
$ k apply -f sample2.yaml
pod/first-secret created
※ 出力結果は抜粋
$ k exec -it first-secret -- env
AAA=123
BBB=456
CCC=abck get コマンドから確認すると、Base64 で値が保存されています。
$ k get secret first-secret -o jsonpath="{.data}"
map[AAA:MTIz BBB:NDU2 CCC:YWJj]