ためすう
やったこと
VolumeのemptyDirを使ってみます
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
emptyDir を使ってみる
emptydir.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir:
sizeLimit: 150Mi$ k apply -f emptydir.yaml
pod/sample-pod created
$ k exec -it sample-pod -- df -h | grep cache
/dev/vda1 59G 33G 24G 59% /cachecacheディレクトリに割り当てられることを確認できました。
downwardAPI を使ってみる
Pod と コンテナの情報をファイルを通して、取得します。
downward-api.yaml
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- mountPath: /hoge
name: downward-api-volume
volumes:
- name: downward-api-volume
downwardAPI:
items:
- path: "podname"
fieldRef:
fieldPath: metadata.name$ k apply -f downward-api.yaml
pod/sample-pod created
$ k exec -it sample-pod -- ls /hoge
podname
$ k exec -it sample-pod -- cat /hoge/podname
sample-pod参考
Istioを使ってみる (kubernetes)
2021-01-17Istio を使ってみます。
Download
$ curl -L https://istio.io/downloadIstio | sh -Install
$ cd istio-1.8.1
$ ./bin/istioctl version
no running Istio pods in "istio-system"
1.8.1$ ./bin/istioctl install --set profile=demo -y
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
$ k label namespace default istio-injection=enabled
namespace/default labeled$ k get namespace -L istio-injection
NAME STATUS AGE ISTIO-INJECTION
default Active 50d enabled
ingress-nginx Active 5d18h
istio-system Active 4m11s disabled
kube-node-lease Active 50d
kube-public Active 50d
kube-system Active 50dapiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment-first
spec:
replicas: 2
selector:
matchLabels:
app: sample3
template:
metadata:
labels:
app: sample3
spec:
containers:
- name: nginx-container
image: nginx:1.17$ k apply -f sample3.yaml
deployment.apps/my-deployment-first created$ k get pods
NAME READY STATUS RESTARTS AGE
my-deployment-first-5b8875c9cb-kstnh 2/2 Running 0 69s
my-deployment-first-5b8875c9cb-vg7hk 2/2 Running 0 69s1回ここで一区切りして、次はチュートリアルのサンプルアプリケーションをデプロイします。
Deploy
$ k apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created$ k apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "VirtualService" in version "networking.istio.io/v1alpha3"Pod の状態確認
$ k get pod
NAME READY STATUS RESTARTS AGE
details-v1-79c697d759-5lvpj 2/2 Running 0 5m36s
productpage-v1-65576bb7bf-vtwxt 2/2 Running 0 5m35s
ratings-v1-7d99676f7f-gf7cz 2/2 Running 0 5m35s
reviews-v1-987d495c-s9mrq 2/2 Running 0 5m36s
reviews-v2-6c5bf657cf-j5cbg 2/2 Running 0 5m36s
reviews-v3-5f7b9f4f77-pdvdf 2/2 Running 0 5m36s$ ./bin/istioctl analyze
✔ No validation issues found when analyzing namespace: default.ブラウザからアクセスする
$ kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
80Docker for Desktop を使っている場合
下記にアクセスすると、ページが見れると思います。
http://localhost/productpage参考
ingress-nginx を使ってみる (kubernetes)
2021-01-16やったこと
ingress-nginx を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
Ingressはクラスター外からクラスター内ServiceへのHTTPとHTTPSのルートを公開します。トラフィックのルーティングはIngressリソース上で定義されるルールによって制御されます。
インストール
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.42.0/deploy/static/provider/cloud/deploy.yamlバージョン確認
$ POD_NAMESPACE=ingress-nginx
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
$
$ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v0.42.0
Build: e98e48d99abd6e65b761a66ed3a6a093f1ed16ec
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.6
-------------------------------------------------------------------------------マニフェストの適用
sample6.yaml
---
apiVersion: v1
kind: Service
metadata:
name: my-ingress
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
ingress-app: sample6
---
apiVersion: v1
kind: Pod
metadata:
name: sample-pod
labels:
ingress-app: sample6
spec:
containers:
- name: nginx-container
image: nginx:1.17
---
apiVersion: v1
kind: Service
metadata:
name: my-ingress-default
spec:
type: NodePort
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
ingress-app: default
---
apiVersion: v1
kind: Pod
metadata:
name: sample-pod-default
labels:
ingress-app: default
spec:
containers:
- name: nginx-container
image: nginx:1.17first-nginx-ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: first-nginx-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: localhost
http:
paths:
- path: /hoge
backend:
serviceName: my-ingress
servicePort: 8080
backend:
serviceName: my-ingress-default
servicePort: 8080$ k apply -f sample6.yaml -f first-nginx-ingress.yaml
service/my-ingress created
pod/sample-pod created
service/my-ingress-default created
pod/sample-pod-default created
ingress.networking.k8s.io/first-nginx-ingress created
$ k get ingresses
NAME CLASS HOSTS ADDRESS PORTS AGE
first-nginx-ingress <none> localhost 80 30s色々なURLにアクセスしてみる
$ curl http://localhost/path1/ -H "Host: hoge.com"
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/2
$ curl http://localhost/
$ curl http://localhost/aaa
$ curl http://localhost/hoge/ -H "Host: hoge.com"ログを確認する
$ k get pods
NAME READY STATUS RESTARTS AGE
sample-pod 1/1 Running 0 2m56s
sample-pod-default 1/1 Running 0 2m56s
$ k logs -f sample-pod
2020/12/29 02:49:10 [error] 6#6: *1 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *2 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/2 HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *1 open() "/usr/share/nginx/html/hoge/2" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/2 HTTP/1.1", host: "localhost"
$ k logs -f sample-pod-default
2020/12/29 02:49:10 [error] 7#7: *1 "/usr/share/nginx/html/path1/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /path1/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /path1/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:11 [error] 7#7: *3 open() "/usr/share/nginx/html/aaa" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /aaa HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:11 +0000] "GET /aaa HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:50:02 [error] 7#7: *4 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:50:02 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"おまけ
ingress controller のログを見る
$ k get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-g48fl 0/1 Completed 0 6d11h
ingress-nginx-admission-patch-trndr 0/1 Completed 0 6d11h
ingress-nginx-controller-bb47df656-w77cx 1/1 Running 0 91m$ k logs -n ingress-nginx ingress-nginx-controller-bb47df656-w77cx参考
Secret を使ってみる (kubernetes)
2021-01-11やったこと
今回は env ファイルから Secret を作成します。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
Secret を作成しておく
sample.env
AAA=123
BBB=456
CCC=abc$ k create secret generic --save-config first-secret --from-env-file ./sample.env
secret/first-secret created$ k get secrets
NAME TYPE DATA AGE
default-token-m6ts6 kubernetes.io/service-account-token 3 49d
first-secret Opaque 3 101sPod に Secret を環境変数で渡す
sample2.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-secret
spec:
containers:
- name: nginx-container
image: nginx:1.17
envFrom:
- secretRef:
name: first-secretコンテナ内では環境変数を読むことができます。
$ k apply -f sample2.yaml
pod/first-secret created
※ 出力結果は抜粋
$ k exec -it first-secret -- env
AAA=123
BBB=456
CCC=abck get コマンドから確認すると、Base64 で値が保存されています。
$ k get secret first-secret -o jsonpath="{.data}"
map[AAA:MTIz BBB:NDU2 CCC:YWJj]参考
kubesec を使ってみる (kubernetes)
2021-01-03やったこと
Secret リソースを暗号化するため、kubesec を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
インストール
kubesec のインストール
$ curl -sSL https://github.com/shyiko/kubesec/releases/download/0.9.2/kubesec-0.9.2-darwin-amd64 \
> -o kubesec && chmod a+x kubesec && sudo mv kubesec /usr/local/bin/
Password:
$ kubesec --version
0.9.2gpg のインストール
$ brew install gpg
$ gpg --version
gpg (GnuPG) 2.2.25
libgcrypt 1.8.7
(省略)暗号化
secret-hoge.yaml
apiVersion: v1
kind: Secret
metadata:
name: first-kubesec
type: Opaque
data:
AAA: MTIz
BBB: NDU2
CCC: YWJj$ gpg --gen-key
pub rsa3072 2020-12-27 [SC] [有効期限: 2022-12-27]
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx※ 鍵はxに変換してあります。
標準出力
$ kubesec encrypt --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml
ファイル書き換え
$ kubesec encrypt -i --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml※ 出力結果は省略します。
復号化
$ kubesec decrypt secret-hoge.yaml
apiVersion: v1
data:
AAA: MTIz
BBB: NDU2
CCC: YWJj
kind: Secret
metadata:
name: first-kubesec
type: Opaque参考
ServiceのClusterIPを使ってみる (kubernetes)
2021-01-03やったこと
Service の ClusterIP を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
first-cluster-ip.yaml
apiVersion: v1
kind: Service
metadata:
name: my-cluster-ip
spec:
type: ClusterIP
ports:
- name: "hoge"
protocol: "TCP"
port: 8080
targetPort: 80
selector:
app: sample5sample5.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 3
selector:
matchLabels:
app: sample5
template:
metadata:
labels:
app: sample5
spec:
containers:
- name: nginx-container
image: nginx:1.17$ k apply -f sample5.yaml -f first-cluster-ip.yaml
deployment.apps/my-deployment created
service/my-cluster-ip created
$ k get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-deployment-5f9fb9cfc8-69w6v 1/1 Running 0 24s 10.1.0.221 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-c25mg 1/1 Running 0 24s 10.1.0.223 docker-desktop <none> <none>
my-deployment-5f9fb9cfc8-m5qnk 1/1 Running 0 24s 10.1.0.222 docker-desktop <none> <none>
$ k get service my-cluster-ip
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-cluster-ip ClusterIP 10.109.253.129 <none> 8080/TCP 6m32s※ 同じクラスタ内のコンテナからアクセス
$ curl -v http://10.109.253.129:8080何回かアクセスを繰り返すと、アクセスが振り分けられていることが分かります。
$ k logs -f my-deployment-5f9fb9cfc8-69w6v
10.1.0.1 - - [28/Dec/2020:16:10:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:04 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
$ k logs -f my-deployment-5f9fb9cfc8-c25mg
10.1.0.1 - - [28/Dec/2020:16:04:48 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:10:27 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:11:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:06 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
$ k logs -f my-deployment-5f9fb9cfc8-m5qnk
10.1.0.1 - - [28/Dec/2020:16:04:38 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"参考
ConfigMap を使ってみる (kubernetes)
2021-01-02やったこと
ConfigMap を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
今回は Volume マウントを使って情報を渡します。
ConfigMap の作成
hoge.yaml
aaa:
bbb: 999
ccc:
ddd: 888$ k create configmap --save-config my-configmap --from-file=hoge.yaml
configmap/my-configmap created
$ k get cm
NAME DATA AGE
my-configmap 1 32sPod に Volume マウントしてファイルを渡す
sample3.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-configmap
spec:
containers:
- name: nginx-container
image: nginx:1.17
volumeMounts:
- name: my-tmp-volume
mountPath: /tmp
volumes:
- name: my-tmp-volume
configMap:
name: my-configmap
items:
- key: hoge.yaml
path: hoge_new.yaml$ k apply -f sample3.yaml
pod/first-configmap created
$ k get pod
NAME READY STATUS RESTARTS AGE
first-configmap 1/1 Running 0 5sコンテナからファイルを読み込む。
$ k exec -it first-configmap -- cat /tmp/hoge_new.yaml
aaa:
bbb: 999
ccc:
ddd: 888環境変数を使ってみる (kubernetes)
2021-01-01やったこと
環境変数をコンテナに渡してみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
sample.yaml
apiVersion: v1
kind: Pod
metadata:
name: first-env
spec:
containers:
- name: nginx-container
image: nginx:1.17
env:
- name: MY_GREETING
value: "Warm greetings to"
- name: MY_MEM_REQUEST
valueFrom:
resourceFieldRef:
containerName: nginx-container
resource: requests.memoryマニフェストの適用 + 環境変数の確認
$ k apply -f sample.yaml
pod/first-env created
$ k exec -it first-env -- env | grep "MY_"
MY_GREETING=Warm greetings to
MY_MEM_REQUEST=0参考
Job を使ってみる (kubernetes)
2021-01-01やったこと
Job を使ってみます。
確認環境
$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}調査
job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: pi
spec:
template:
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(20)"]
restartPolicy: Never
backoffLimit: 4
parallelism: 3
completions: 10$ k apply -f job.yaml
job.batch/pi created$ k get pods --watch
NAME READY STATUS RESTARTS AGE
pi-7x8sv 0/1 ContainerCreating 0 6s
pi-k6mxv 0/1 ContainerCreating 0 6s
pi-tg6cx 0/1 ContainerCreating 0 6s
pi-7x8sv 0/1 Completed 0 108s
pi-8gbgj 0/1 Pending 0 0s
pi-8gbgj 0/1 Pending 0 0s
pi-8gbgj 0/1 ContainerCreating 0 0s
pi-k6mxv 0/1 Completed 0 110s
pi-dtbll 0/1 Pending 0 0s
pi-dtbll 0/1 Pending 0 0s
pi-dtbll 0/1 ContainerCreating 0 0s
pi-tg6cx 0/1 Completed 0 119s
pi-cl6fx 0/1 Pending 0 0s
pi-cl6fx 0/1 Pending 0 0s
pi-cl6fx 0/1 ContainerCreating 0 0s
pi-8gbgj 0/1 Completed 0 17s
... (省略)Job 終了後の結果
$ k get jobs
NAME COMPLETIONS DURATION AGE
pi 10/10 2m34s 11m参考
tcpdump を使ってみる (Unix)
2020-12-31やったこと
man tcpdump より抜粋
tcpdump - dump traffic on a network
調査
前準備
詳細手順は省きます。webサーバーを用意します。
Webブラウザから何度かアクセス
# tcpdump port 80 -n -s 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:40:39.662780 IP 172.26.0.1.35166 > 172.26.0.2.80: Flags [P.], seq 3330495538:3330495993, ack 2594564324, win 501, options [nop,nop,TS val 1108626414 ecr 3836588442], length 455: HTTP: GET / HTTP/1.1
10:40:39.663229 IP 172.26.0.2.80 > 172.26.0.1.35166: Flags [P.], seq 1:181, ack 455, win 501, options [nop,nop,TS val 3836620070 ecr 1108626414], length 180: HTTP: HTTP/1.1 304 Not Modified
10:40:39.663375 IP 172.26.0.1.35166 > 172.26.0.2.80: Flags [.], ack 181, win 501, options [nop,nop,TS val 1108626415 ecr 3836620070], length 0pcap に書き出して、 Wireshark でみる
# tcpdump port 80 -n -s 0 -w hoge.pcaphoge.pcap を TCPストリームで確認した例
GET / HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:83.0) Gecko/20100101 Firefox/83.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: ja,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Tue, 15 Dec 2020 13:59:38 GMT
If-None-Match: "11111111-264"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx/1.19.6
Date: Tue, 29 Dec 2020 10:49:14 GMT
Last-Modified: Tue, 15 Dec 2020 13:59:38 GMT
Connection: keep-alive
If-None-Match: "11111111-264"おまけ
利用したオプション
-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
-w file
Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''.
-s snaplen