ためすう

Trying out the ClusterIP of a NodePort (kubernetes)

2021-02-01

What I did

I'll try out a Service's NodePort.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

sample5.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sample5
  template:
    metadata:
      labels:
        app: sample5
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.17

first-nodeport.yaml

apiVersion: v1
kind: Service
metadata:
  name: my-nodeport
spec:
  type: NodePort
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
    nodePort: 30000
  selector:
    app: sample5

$ k apply -f sample5.yaml -f first-nodeport.yaml
deployment.apps/my-deployment created
service/my-nodeport created

$ k get service my-nodeport
NAME          TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
my-nodeport   NodePort   10.105.91.123   <none>        8080:30000/TCP   38s

$ k get pods -o wide
NAME                             READY   STATUS    RESTARTS   AGE    IP           NODE             NOMINATED NODE   READINESS GATES
my-deployment-5f9fb9cfc8-5626r   1/1     Running   0          5m4s   10.1.0.231   docker-desktop   <none>           <none>
my-deployment-5f9fb9cfc8-67bmc   1/1     Running   0          5m5s   10.1.0.230   docker-desktop   <none>           <none>
my-deployment-5f9fb9cfc8-72m6v   1/1     Running   0          5m4s   10.1.0.232   docker-desktop   <none>           <none>

Run this from the host OS.

$ curl localhost:30000

Repeating the request several times shows that the requests are distributed across the Pods.

$ k logs -f my-deployment-5f9fb9cfc8-5626r
192.168.65.3 - - [28/Dec/2020:16:35:55 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:56 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:57 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:36:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
^C
himejima-no-MacBook-Pro:k8s himejima$ k logs -f my-deployment-5f9fb9cfc8-67bmc
192.168.65.3 - - [28/Dec/2020:16:35:59 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:36:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
^C
himejima-no-MacBook-Pro:k8s himejima$ k logs -f my-deployment-5f9fb9cfc8-72m6v
192.168.65.3 - - [28/Dec/2020:16:35:49 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
192.168.65.3 - - [28/Dec/2020:16:35:58 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"


Trying out SealedSecret (kubernetes)

2021-01-24

What I did

I'll try out SealedSecret.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

Installation

$ brew install kubeseal
$ kubeseal --version
kubeseal version: v0.13.1

Install SealedSecret

$ k apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.12.5/controller.yaml
$ k get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key
NAME                      TYPE                DATA   AGE
sealed-secrets-key9d899   kubernetes.io/tls   2      5m8s

Create the SealedSecret resource

secret-hoge2.yaml

apiVersion: v1
kind: Secret
metadata:
  name: first-sealed-secret
type: Opaque
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj

$ kubeseal -o yaml < secret-hoge2.yaml > sealed-secret-hoge2.yaml

Verification

$ k get sealedsecret/first-sealed-secret secret/first-sealed-secret
NAME                                           AGE
sealedsecret.bitnami.com/first-sealed-secret   3m35s

NAME                         TYPE     DATA   AGE
secret/first-sealed-secret   Opaque   3      3m35s

Start a Pod and load the Secret

sample-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      envFrom:
        - secretRef:
            name: first-sealed-secret

$ k apply -f sample-pod.yaml
pod/sample-pod created
$ k exec -it sample-pod -- env
(omitted)
AAA=123
BBB=456
CCC=abc
(omitted)

The environment variables were loaded.

Trying out Volume emptyDir and downwardAPI (kubernetes)

2021-01-23

What I did

I'll try out the emptyDir Volume.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

Trying emptyDir

emptydir.yaml

apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      volumeMounts:
        - mountPath: /cache
          name: cache-volume
  volumes:
    - name: cache-volume
      emptyDir:
        sizeLimit: 150Mi

$ k apply -f emptydir.yaml
pod/sample-pod created

$ k exec -it sample-pod -- df -h | grep cache
/dev/vda1        59G   33G   24G  59% /cache

This confirms that the volume is assigned to the cache directory.

Trying downwardAPI

Pod and container information is retrieved through files.

downward-api.yaml

apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      volumeMounts:
        - mountPath: /hoge
          name: downward-api-volume
  volumes:
    - name: downward-api-volume
      downwardAPI:
        items:
          - path: "podname"
            fieldRef:
              fieldPath: metadata.name

$ k apply -f downward-api.yaml
pod/sample-pod created
$ k exec -it sample-pod -- ls /hoge
podname
$ k exec -it sample-pod -- cat /hoge/podname
sample-pod


Trying out Istio (kubernetes)

2021-01-17

I'll try out Istio.

Download

$ curl -L https://istio.io/downloadIstio | sh -

Install

$ cd istio-1.8.1
$ ./bin/istioctl version
no running Istio pods in "istio-system"
1.8.1
$ ./bin/istioctl install --set profile=demo -y
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/v1.8/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete

$ k label namespace default istio-injection=enabled
namespace/default labeled

$ k get namespace -L istio-injection
NAME              STATUS   AGE     ISTIO-INJECTION
default           Active   50d     enabled
ingress-nginx     Active   5d18h
istio-system      Active   4m11s   disabled
kube-node-lease   Active   50d
kube-public       Active   50d
kube-system       Active   50d

sample3.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment-first
spec:
  replicas: 2
  selector:
    matchLabels:
      app: sample3
  template:
    metadata:
      labels:
        app: sample3
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.17

$ k apply -f sample3.yaml
deployment.apps/my-deployment-first created
$ k get pods
NAME                                   READY   STATUS    RESTARTS   AGE
my-deployment-first-5b8875c9cb-kstnh   2/2     Running   0          69s
my-deployment-first-5b8875c9cb-vg7hk   2/2     Running   0          69s

I'll pause here for now; next, I'll deploy the tutorial's sample application.

Deploy

$ k apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
$ k apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "Gateway" in version "networking.istio.io/v1alpha3"
unable to recognize "samples/bookinfo/networking/bookinfo-gateway.yaml": no matches for kind "VirtualService" in version "networking.istio.io/v1alpha3"

Check the Pod status

$ k get pod
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-79c697d759-5lvpj       2/2     Running   0          5m36s
productpage-v1-65576bb7bf-vtwxt   2/2     Running   0          5m35s
ratings-v1-7d99676f7f-gf7cz       2/2     Running   0          5m35s
reviews-v1-987d495c-s9mrq         2/2     Running   0          5m36s
reviews-v2-6c5bf657cf-j5cbg       2/2     Running   0          5m36s
reviews-v3-5f7b9f4f77-pdvdf       2/2     Running   0          5m36s
$ ./bin/istioctl analyze

✔ No validation issues found when analyzing namespace: default.

Access from a browser

$ kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}'
80

When using Docker for Desktop

I think you will be able to see the page at the URL below.

http://localhost/productpage


Trying out ingress-nginx (kubernetes)

2021-01-16

What I did

I'll try out ingress-nginx.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

Ingress exposes HTTP and HTTPS routes from outside the cluster to Services inside the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Installation

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.42.0/deploy/static/provider/cloud/deploy.yaml

Check the version

$ POD_NAMESPACE=ingress-nginx
$ POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath='{.items[0].metadata.name}')
$
$ kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v0.42.0
  Build:         e98e48d99abd6e65b761a66ed3a6a093f1ed16ec
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.19.6

-------------------------------------------------------------------------------

Apply the manifests

sample6.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: my-ingress
spec:
  type: NodePort
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
  selector:
    ingress-app: sample6
---
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
  labels:
    ingress-app: sample6
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
---
apiVersion: v1
kind: Service
metadata:
  name: my-ingress-default
spec:
  type: NodePort
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
  selector:
    ingress-app: default
---
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod-default
  labels:
    ingress-app: default
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17

first-nginx-ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: first-nginx-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: localhost
    http:
      paths:
      - path: /hoge
        backend:
          serviceName: my-ingress
          servicePort: 8080
  backend:
    serviceName: my-ingress-default
    servicePort: 8080

$ k apply -f sample6.yaml -f first-nginx-ingress.yaml
service/my-ingress created
pod/sample-pod created
service/my-ingress-default created
pod/sample-pod-default created
ingress.networking.k8s.io/first-nginx-ingress created


$ k get ingresses
NAME                  CLASS    HOSTS       ADDRESS   PORTS   AGE
first-nginx-ingress   <none>   localhost             80      30s

Access various URLs

$ curl http://localhost/path1/ -H "Host: hoge.com"
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/
$ curl http://localhost/hoge/2
$ curl http://localhost/
$ curl http://localhost/aaa
$ curl http://localhost/hoge/ -H "Host: hoge.com"

Check the logs

$ k get pods
NAME                 READY   STATUS    RESTARTS   AGE
sample-pod           1/1     Running   0          2m56s
sample-pod-default   1/1     Running   0          2m56s

$ k logs -f sample-pod
2020/12/29 02:49:10 [error] 6#6: *1 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *2 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/2 HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:10 [error] 6#6: *1 open() "/usr/share/nginx/html/hoge/2" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/2 HTTP/1.1", host: "localhost"

$ k logs -f sample-pod-default
2020/12/29 02:49:10 [error] 7#7: *1 "/usr/share/nginx/html/path1/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /path1/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /path1/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:49:11 [error] 7#7: *3 open() "/usr/share/nginx/html/aaa" failed (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /aaa HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:11 +0000] "GET /aaa HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
2020/12/29 02:50:02 [error] 7#7: *4 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "hoge.com"
10.1.0.234 - - [29/Dec/2020:02:50:02 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
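
In the nginx image's default log format the first field is the connecting peer and the last quoted field is X-Forwarded-For, so behind the Ingress every request arrives from 10.1.0.234 and the original client (192.168.65.3) is only visible in the header. The following is an added example, not part of the original post: it derives the effective client per request and honours the header only when the peer is the trusted proxy. Treating 10.1.0.234 as the ingress-nginx controller Pod is an assumption based on the logs above, and the last two sample lines are constructed.

```shell
#!/bin/sh
# effective_clients PROXY_IP
# Reads nginx access-log lines in the nginx image's default "main" format
# (last quoted field = $http_x_forwarded_for) and prints one line per request:
#   <effective client> <peer> <status> <path> <note>
# X-Forwarded-For is honoured only when the peer is the trusted proxy, and
# then only its right-most entry (the address the proxy itself appended).
effective_clients() {
  awk -v proxy="$1" '
    # Error-log lines start with a date (2020/12/29 ...), not an IPv4 peer.
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    {
      peer = $1
      n = split($0, q, "\"")      # q[2] = request line, q[3] = status and bytes
      if (n < 9) next              # not the expected four quoted fields
      split(q[2], req, " ")       # METHOD PATH PROTOCOL
      split(q[3], st, " ")        # STATUS BYTES
      xff = q[n - 1]
      has_xff = (xff != "-" && xff != "")
      client = peer; note = "direct"
      if (peer == proxy && has_xff) {
        m = split(xff, hops, /, */)
        client = hops[m]; note = "via-proxy"
      } else if (has_xff) {
        note = "xff-ignored"       # header came from an untrusted peer
      }
      print client, peer, st[1], req[2], note
    }
  '
}

# Lines 1-3 are copied from the logs on this page; lines 4-5 are constructed.
sample_log() {
cat <<'EOF'
192.168.65.3 - - [28/Dec/2020:16:35:55 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.55.1" "-"
2020/12/29 02:49:10 [error] 6#6: *1 "/usr/share/nginx/html/hoge/index.html" is not found (2: No such file or directory), client: 10.1.0.234, server: localhost, request: "GET /hoge/ HTTP/1.1", host: "localhost"
10.1.0.234 - - [29/Dec/2020:02:49:10 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "192.168.65.3"
10.1.0.234 - - [29/Dec/2020:02:51:00 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "198.51.100.1, 192.168.65.3"
10.1.0.99 - - [29/Dec/2020:02:51:05 +0000] "GET /hoge/ HTTP/1.1" 404 154 "-" "curl/7.55.1" "203.0.113.7"
EOF
}

sample_log | effective_clients 10.1.0.234
```

A line marked xff-ignored means a request reached the backend without passing through the proxy while still carrying the header, which is worth alerting on when the backend is supposed to be reachable only through the Ingress.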

Bonus

View the ingress controller logs

$ k get pods -n ingress-nginx
NAME                                       READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-g48fl       0/1     Completed   0          6d11h
ingress-nginx-admission-patch-trndr        0/1     Completed   0          6d11h
ingress-nginx-controller-bb47df656-w77cx   1/1     Running     0          91m
$ k logs -n ingress-nginx ingress-nginx-controller-bb47df656-w77cx


Trying out Secret (kubernetes)

2021-01-11

What I did

This time I'll create a Secret from an env file.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

Create the Secret in advance

sample.env

AAA=123
BBB=456
CCC=abc

$ k create secret generic --save-config first-secret --from-env-file ./sample.env
secret/first-secret created
$ k get secrets
NAME                  TYPE                                  DATA   AGE
default-token-m6ts6   kubernetes.io/service-account-token   3      49d
first-secret          Opaque                                3      101s

Pass the Secret to a Pod as environment variables

sample2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: first-secret
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      envFrom:
        - secretRef:
            name: first-secret

Inside the container, the environment variables can be read.

$ k apply -f sample2.yaml
pod/first-secret created

Note: the output is an excerpt.
$ k exec -it first-secret -- env
AAA=123
BBB=456
CCC=abc

Checking with the k get command shows that the values are stored as Base64.

$ k get secret first-secret -o jsonpath="{.data}"
map[AAA:MTIz BBB:NDU2 CCC:YWJj]
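
Base64 is an encoding, not encryption, so the values above, like those in secret-hoge2.yaml (SealedSecret post) and secret-hoge.yaml (kubesec post), can be read back by anyone who sees the object or the manifest. The following is an added example, not part of the original posts: it decodes the data of a plain Secret manifest and rejects such a manifest in a commit check while letting a SealedSecret through. The function names are hypothetical, and the SealedSecret sample with placeholder ciphertext is constructed.

```shell
#!/bin/sh
# secret_entries: read YAML manifest(s) on stdin and print "KEY BASE64" for
# each entry of the top-level data: map of every "kind: Secret" document.
# Key order does not matter (kubesec decrypt prints data: before kind:).
# stringData: (already plaintext) is not handled here.
secret_entries() {
  awk '
    function flush(   i) {
      if (kind == "Secret") for (i = 1; i <= n; i++) print entries[i]
      kind = ""; n = 0; in_data = 0
    }
    /^---/      { flush(); next }
    /^kind:/    { kind = $2 }
    /^[A-Za-z]/ { in_data = ($1 == "data:"); next }  # any top-level key
    in_data && /^[ \t]+[^ \t#]+:/ {
      key = $1; sub(/:$/, "", key)
      val = $2; gsub(/"/, "", val)
      entries[++n] = key " " val
    }
    END { flush() }
  '
}

# decode_secret_data: print KEY=plaintext for every entry found above.
decode_secret_data() {
  secret_entries | while read -r key b64; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# check_manifest LABEL: commit gate; returns 1 when the manifest on stdin
# is a plain Secret whose values are only Base64-encoded.
check_manifest() {
  count=$(secret_entries | wc -l | tr -d ' ')
  if [ "$count" -gt 0 ]; then
    echo "BLOCK $1: $count value(s) protected only by Base64"
    return 1
  fi
  echo "ok $1"
}

# secret-hoge2.yaml exactly as shown in the SealedSecret post.
plain_secret() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: first-sealed-secret
type: Opaque
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj
EOF
}

# Constructed SealedSecret; real kubeseal ciphertext replaced by a placeholder.
sealed_secret() {
cat <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: first-sealed-secret
spec:
  encryptedData:
    AAA: CIPHERTEXT-PLACEHOLDER
    BBB: CIPHERTEXT-PLACEHOLDER
    CCC: CIPHERTEXT-PLACEHOLDER
EOF
}

plain_secret  | decode_secret_data
plain_secret  | check_manifest secret-hoge2.yaml || true
sealed_secret | check_manifest sealed-secret-hoge2.yaml
```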


Trying out kubesec (kubernetes)

2021-01-03

What I did

I'll try out kubesec to encrypt Secret resources.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

Installation

Install kubesec

$ curl -sSL https://github.com/shyiko/kubesec/releases/download/0.9.2/kubesec-0.9.2-darwin-amd64 \
>   -o kubesec && chmod a+x kubesec && sudo mv kubesec /usr/local/bin/
Password:
$ kubesec --version
0.9.2

Install gpg

$ brew install gpg
$ gpg --version
gpg (GnuPG) 2.2.25
libgcrypt 1.8.7
(omitted)

Encryption

secret-hoge.yaml

apiVersion: v1
kind: Secret
metadata:
  name: first-kubesec
type: Opaque
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj

$ gpg --gen-key
pub   rsa3072 2020-12-27 [SC] [有効期限: 2022-12-27]
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Note: the key has been replaced with x characters.

Write to standard output
$ kubesec encrypt --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml

Rewrite the file in place
$ kubesec encrypt -i --key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx secret-hoge.yaml

Note: the output is omitted.

Decryption

$ kubesec decrypt secret-hoge.yaml
apiVersion: v1
data:
  AAA: MTIz
  BBB: NDU2
  CCC: YWJj
kind: Secret
metadata:
  name: first-kubesec
type: Opaque


Trying out a Service's ClusterIP (kubernetes)

2021-01-03

What I did

I'll try out a Service's ClusterIP.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

first-cluster-ip.yaml

apiVersion: v1
kind: Service
metadata:
  name: my-cluster-ip
spec:
  type: ClusterIP
  ports:
  - name: "hoge"
    protocol: "TCP"
    port: 8080
    targetPort: 80
  selector:
    app: sample5

sample5.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sample5
  template:
    metadata:
      labels:
        app: sample5
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.17

$ k apply -f sample5.yaml -f first-cluster-ip.yaml
deployment.apps/my-deployment created
service/my-cluster-ip created

$ k get pods -o wide
NAME                             READY   STATUS    RESTARTS   AGE   IP           NODE             NOMINATED NODE   READINESS GATES
my-deployment-5f9fb9cfc8-69w6v   1/1     Running   0          24s   10.1.0.221   docker-desktop   <none>           <none>
my-deployment-5f9fb9cfc8-c25mg   1/1     Running   0          24s   10.1.0.223   docker-desktop   <none>           <none>
my-deployment-5f9fb9cfc8-m5qnk   1/1     Running   0          24s   10.1.0.222   docker-desktop   <none>           <none>

$ k get service my-cluster-ip
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
my-cluster-ip   ClusterIP   10.109.253.129   <none>        8080/TCP   6m32s

Note: access from a container in the same cluster.

$ curl -v http://10.109.253.129:8080

Repeating the request several times shows that the requests are distributed across the Pods.

$ k logs -f my-deployment-5f9fb9cfc8-69w6v
10.1.0.1 - - [28/Dec/2020:16:10:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:04 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"

$ k logs -f my-deployment-5f9fb9cfc8-c25mg
10.1.0.1 - - [28/Dec/2020:16:04:48 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:10:27 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:11:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:06 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"

$ k logs -f my-deployment-5f9fb9cfc8-m5qnk
10.1.0.1 - - [28/Dec/2020:16:04:38 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"
10.1.0.1 - - [28/Dec/2020:16:17:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.64.0" "-"


Trying out ConfigMap (kubernetes)

2021-01-02

What I did

I'll try out ConfigMap.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

This time I'll pass the information using a Volume mount.

Create the ConfigMap

hoge.yaml

 aaa:
   bbb: 999
 ccc:
   ddd: 888

$ k create configmap --save-config my-configmap --from-file=hoge.yaml
configmap/my-configmap created
$ k get cm
NAME           DATA   AGE
my-configmap   1      32s

Mount it into a Pod as a Volume to pass the file

sample3.yaml

apiVersion: v1
kind: Pod
metadata:
  name: first-configmap
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      volumeMounts:
      - name: my-tmp-volume
        mountPath: /tmp
  volumes:
  - name: my-tmp-volume
    configMap:
      name: my-configmap
      items:
      - key: hoge.yaml
        path: hoge_new.yaml

$ k apply -f sample3.yaml
pod/first-configmap created
$ k get pod
NAME              READY   STATUS    RESTARTS   AGE
first-configmap   1/1     Running   0          5s

Read the file from the container.

$ k exec -it first-configmap -- cat /tmp/hoge_new.yaml
aaa:
  bbb: 999
ccc:
  ddd: 888

Trying out environment variables (kubernetes)

2021-01-01

What I did

I'll pass environment variables to a container.

Environment

$ k version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Investigation

sample.yaml

apiVersion: v1
kind: Pod
metadata:
  name: first-env
spec:
  containers:
    - name: nginx-container
      image: nginx:1.17
      env:
      - name: MY_GREETING
        value: "Warm greetings to"
      - name: MY_MEM_REQUEST
        valueFrom:
          resourceFieldRef:
            containerName: nginx-container
            resource: requests.memory

Apply the manifest + check the environment variables

$ k apply -f sample.yaml
pod/first-env created
$ k exec -it first-env -- env | grep "MY_"
MY_GREETING=Warm greetings to
MY_MEM_REQUEST=0
