CKA - Section 2: Core Concepts

Section 2: Core Concepts

12 / 41|3hr 2min

 

8. Core Concepts Section Introduction

9. Download Presentation Deck for this section

10. Cluster Architecture

 

Kubernetes Architecture

 

Master Node

(Manage, Plan, Schedule, Monitor, Nodes)

- ETCD Cluster 

- Kube-api Server

- Kube Controller Manager

- Kube-scheduler

 

Worker Nodes

(Host Application Containers)

- Kubelet

- Kube-proxy

- container Runtime Engine

 

11. ETCD For Beginner

ETCD is a distributed reliable key-value store that is Simple, Secure & Fast

 

12. ETCD in Kubernetes

 - Nodes / Pods / Configs / Secrets / Accounts / Roles / Bindings / Others

 

two types of k8s deployment 

1. scratch

2. kubeadm tool

- pods / kubectl .. commands

 

13. ETCD - Commands (Optional)

14. Kube-API Server

15.  Kube Controller Manager

- Watch status

 - Remediate Situation

16. Kube Scheduler

17. Kubelet 

18. Kube Proxy 

- service

- IP table rule

19. Recap - PODs

pod : container = 1 : 1

- kubectl 

> kubectl run nginx --image nginx

=> pod is created automatically -> deploys an instance of the nginx docker image

> kubectl get pods

=> pod status check

20.  Pods with YAML

apiVersion

kind

metadata

- dictionary type

spec

single item list -> pod one container

- list/array

 

> kubectl create -f pod-definition.yaml

=> creates the pod

 

> kubectl describe pod myapp-pod

=> shows detailed information about the pod

 

21. Demo - Pods with YAML

22. Practice Test Introduction

23. Demo: Accession Labs

24 ~ 26. kode kloud

kubectl run redis --image=redis123 --dry-run=client -o yaml > pod.yaml

kubectl apply -f pod.yaml

 

27. Recap - ReplicaSets

- High Availability

- Load Balancing & Scaling

o Replication Controller

apiVersion: v1

kind: ReplicationController

o Replica Set

apiVersion: apps/v1

kind: ReplicaSet

spec:

  selector:

    matchLabels:

        type:

-> difference: selector

 

labels and selectors

replica 3 -> 6

1. > kubectl replace -f replicaset-definition.yaml (edit the yaml file, replicas: 3->6)

2. > kubectl scale --replicas=6 -f replicaset-definition.yaml

3. > kubectl scale --replicas=6 replicaset myapp-replicaset (does not update the yaml file)

 

commands

> kubectl create -f replicaset-definition.yaml

> kubectl get replicaset

> kubectl delete replicaset myapp-replicaset

> kubectl replace -f replicaset-definition.yaml

> kubectl scale --replicas=5 replicaset "replicaset name"

 

28. Test - ReplicaSets

29. Test- ReplicaSets Solutions

 

30. Deployment

Rolling upgrade

Rollback

pod - replica Set - Deployment

> kubectl create -f deployment-definition.yaml

> kubectl get deployments

 

deployment -> auto create -> replica set

> kubectl get replicaset

> kubectl get pods

 

commands

> kubectl get all

 

31. tips

Create an NGINX Pod

kubectl run nginx --image=nginx



Generate POD Manifest YAML file (-o yaml). Don't create it(--dry-run)

kubectl run nginx --image=nginx --dry-run=client -o yaml



Create a deployment

kubectl create deployment --image=nginx nginx



Generate Deployment YAML file (-o yaml). Don't create it(--dry-run)

kubectl create deployment --image=nginx nginx --dry-run=client -o yaml



Generate Deployment YAML file (-o yaml). Don't create it(--dry-run) with 4 Replicas (--replicas=4)

kubectl create deployment --image=nginx nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml

Save it to a file, make necessary changes to the file (for example, adding more replicas) and then create the deployment.

 

> kubectl create deployment --image=["image name"] [deployment-name] --dry-run=client -o yaml

 

32. Practice Test - Deployments

33. Solution - Deployments

 

34. Namespaces

default - created automatically

Isolation, Policies, Resource limits

 

How to use DNS

db-service [Service Name] . dev [Namespace] . svc [Service] . cluster.local [Domain]

 

> kubectl get pods --namespace=kube-system

 

yaml

metadata:

    namespace: ...

 

Create Namespace

apiVersion: v1 / kind: Namespace / metadata: name: dev

 

> kubectl create namespace dev

 

Switch

> kubectl config set-context $(kubectl config current-context) --namespace=dev

 

Get All Namespace

> kubectl get pods --all-namespaces

 

Resource Quota

 

35. Practice Test - Namespaces

36. Solution - Namespaces

 

37. Services - NodePort

A service is one of the Kubernetes resource types; it acts as a proxy that forwards traffic to each pod.

It uses a selector to decide which pods receive the traffic.

 

backend - frontend connecting

 

- NodePort

Listens on one port on a single node and forwards requests arriving on that port to the pod's port

1) Target Port -- 2) Port (service aspect) 3) NodePort (External)

 

Access is possible not only through the cluster IP but also through the IP and port of every node.

 

Create Service

spec:
  type: NodePort
  ports:
    - targetPort: 80
      port: 80
      nodePort: 30008
  selector:   # enter the values of the myapp pod labels here

 

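The packet flow works because of a component called kube-proxy.

Kubernetes controls packet flow using netfilter, a Linux kernel feature, and iptables, software that serves as the user-space interface to it.

 

netfilter is a rule-based packet processing engine; it sits in kernel space and observes the life cycle of every packet going in and out.

When it finds a packet that matches a rule, it performs the predefined action.

 

iptables uses netfilter to configure the network: it defines rules called chain rules so that packets are forwarded.

 

You can curl the same port on any node; the same port is available on every node.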

- ClusterIP

- LoadBalancer

 

38. Services - Cluster IP

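MSA (Micro Service Architecture) based applications can be deployed to a k8s cluster easily and effectively

Does not affect communication between the various services in each tier

 

This is the default setting; it assigns a cluster IP (internal IP) to the service.

The service is reachable from inside the Kubernetes cluster, but not from outside the cluster, because it has not been assigned an external IP.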

 

39. Services - Loadbalancer

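A configuration usually provided by cloud vendors; it assigns a load balancer that has an external IP.

Because it has an external IP, it is reachable from outside the cluster.

 

For a more detailed explanation, see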

bcho.tistory.com/1262

 

 

40. Practice Test -  Services

41. Solution - Services (optional)

 

42. Imperative vs Declarative

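Imperative - provides step-by-step instructions

create objects

update objects

Runs quickly because no YAML has to be processed

Each user runs commands in a different environment

Practice using imperative commands for the certification exam

 

Declarative - declares only the final destination, provides no step-by-step instructions / declares our requirements

> kubectl apply -f nginx.yaml

Errors such as "object already exists" or "update cannot be applied" do not actually occur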

 

Exam Tips

Create Objects

> kubectl apply -f nginx.yaml

> kubectl run --image=nginx nginx

> kubectl create deployment --image=nginx nginx

> kubectl expose deployment nginx --port 80

 

Update Objects

> kubectl apply -f nginx.yaml

> kubectl edit deployment nginx

> kubectl scale deployment nginx --replicas=5

> kubectl set image deployment nginx nginx=nginx:1.18

 

 

43. Certification Tips - Imperative Commands with Kubectl

 

While you would be working mostly the declarative way - using definition files, imperative commands can help in getting one time tasks done quickly, as well as generate a definition template easily.

This would help save a considerable amount of time during your exams.

Before we begin, familiarize yourself with the two options that can come in handy while working with the commands below:

 

--dry-run: By default as soon as the command is run, the resource will be created. If you simply want to test your command, use the --dry-run=client option. This will not create the resource, instead, tell you whether the resource can be created and if your command is right.

 

-o yaml: This will output the resource definition in YAML format on the screen.

 

Use the above two in combination to generate a resource definition file quickly, that you can then modify and create resources as required, instead of creating the files from scratch.

 

- POD

Create an NGINX Pod

kubectl run nginx --image=nginx

 

Generate POD Manifest YAML file (-o yaml). Don't create it(--dry-run)

kubectl run nginx --image=nginx  --dry-run=client -o yaml

- Deployment

Create a deployment

kubectl create deployment --image=nginx nginx

 

Generate Deployment YAML file (-o yaml). Don't create it(--dry-run)

kubectl create deployment --image=nginx nginx --dry-run=client -o yaml

 

Generate Deployment with 4 Replicas

kubectl create deployment nginx --image=nginx --replicas=4

 

You can also scale a deployment using the kubectl scale command.

kubectl scale deployment nginx --replicas=4

 

Another way to do this is to save the YAML definition to a file.

kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml

You can then update the YAML file with the replicas or any other field before creating the deployment.

 

- Service

Create a Service named redis-service of type ClusterIP to expose pod redis on port 6379

kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml

(This will automatically use the pod's labels as selectors)

Or

kubectl create service clusterip redis --tcp=6379:6379 --dry-run=client -o yaml

(This will not use the pod's labels as selectors; instead it will assume the selector app=redis. You cannot pass in selectors as an option, so it does not work very well if your pod has a different label set. Generate the file and modify the selectors before creating the service.)

 

Create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes:

kubectl expose pod nginx --port=80 --name nginx-service --type=NodePort --dry-run=client -o yaml

(This will automatically use the pod's labels as selectors, but you cannot specify the node port. You have to generate a definition file and then add the node port in manually before creating the service with the pod.)

Or

kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run=client -o yaml

(This will not use the pod's labels as selectors)

Both of the above commands have their own challenges. While one of them cannot accept a selector, the other cannot accept a node port. I would recommend going with the `kubectl expose` command. If you need to specify a node port, generate a definition file using the same command and manually input the nodePort before creating the service.
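The selector pitfall and the NodePort exposure described above can be checked offline against `kubectl get pods,services -o json` output. This is an added example, not part of the course material: the sample data is constructed, the function names are hypothetical, and it assumes the pods carry the `run=<name>` label that `kubectl run` sets.

```python
import json

# Constructed sample, shaped like `kubectl get pods,services -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Pod", "metadata": {"name": "redis", "namespace": "default",
   "labels": {"run": "redis"}}},
 {"kind": "Pod", "metadata": {"name": "nginx", "namespace": "default",
   "labels": {"run": "nginx"}}},
 {"kind": "Service", "metadata": {"name": "redis-service", "namespace": "default"},
  "spec": {"type": "ClusterIP", "selector": {"run": "redis"},
           "ports": [{"port": 6379, "targetPort": 6379}]}},
 {"kind": "Service", "metadata": {"name": "redis", "namespace": "default"},
  "spec": {"type": "ClusterIP", "selector": {"app": "redis"},
           "ports": [{"port": 6379, "targetPort": 6379}]}},
 {"kind": "Service", "metadata": {"name": "nginx-service", "namespace": "default"},
  "spec": {"type": "NodePort", "selector": {"run": "nginx"},
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 30080}]}}
]}
""")

def matching_pods(service, items):
    """Pods in the Service's namespace whose labels contain every selector pair."""
    selector = service["spec"].get("selector") or {}
    if not selector:          # no selector: endpoints are managed manually
        return []
    ns = service["metadata"].get("namespace", "default")
    return [p["metadata"]["name"] for p in items
            if p["kind"] == "Pod"
            and p["metadata"].get("namespace", "default") == ns
            and selector.items() <= (p["metadata"].get("labels") or {}).items()]

def audit_services(doc):
    """Return {service name: [findings]} for selector and exposure problems."""
    report = {}
    for svc in (i for i in doc["items"] if i["kind"] == "Service"):
        findings = []
        if not matching_pods(svc, doc["items"]):
            findings.append("selector matches no pods")
        if svc["spec"].get("type") in ("NodePort", "LoadBalancer"):
            ports = [p.get("nodePort") for p in svc["spec"].get("ports", [])]
            findings.append(f"reachable on every node IP, nodePort(s) {ports}")
        report[svc["metadata"]["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_services(SAMPLE).items():
        print(name, "->", findings or "ok")
```

The `redis` Service, generated with the assumed `app=redis` selector, is reported as matching no pods, while `nginx-service` is reported as exposed on every node.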

 

Reference:

https://kubernetes.io/docs/reference/kubectl/conventions/

 

44. Practice Test - Imperative Commands

45. Solution - Imperative Commands (optional)

 

46. Kubectl Apply Command

Local file (.yaml)-> Last applied Configuration (.json) -> Kubernetes

> kubectl apply -f nginx.yaml

 

47, 48. End

 

 

JavaScript code for Korean subtitles on Udemy

if(typeof window.i!=='undefined'){clearInterval(window.i)}else{let lastText='';function check(){let toEl=$('.well--container--2edq4 span');let fromEl=$('p[data-purpose="transcript-cue-active"] span');let currentText=fromEl.html();if(lastText!==currentText){toEl.html(currentText)}lastText=fromEl.html()}window.i=setInterval(check,200)}

 

kubectl autocompletion commands

 

echo "source <(kubectl completion bash)" >> ~/.bashrc
alias k=kubectl
complete -F __start_kubectl k

 

github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md

 

 
