Practice Test - Service Networking
$ k get no -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
controlplane Ready control-plane 25m v1.27.0 192.21.135.6 <none> Ubuntu 20.04.5 LTS 5.4.0-1106-gcp containerd://1.6.6
node01 Ready <none> 24m v1.27.0 192.21.135.9 <none> Ubuntu 20.04.5 LTS 5.4.0-1106-gcp containerd://1.6.6
$ ifconfig -a
datapath: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1376
ether a2:70:5b:92:e5:34 txqueuelen 1000 (Ethernet)
RX packets 36 bytes 1996 (1.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 192.21.135.6 netmask 255.255.255.0 broadcast 192.21.135.255
ether 02:42:c0:15:87:06 txqueuelen 0 (Ethernet)
RX packets 5578 bytes 1156877 (1.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4422 bytes 2652897 (2.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Check the pod IP range (1)
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: datapath: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1376 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether a2:70:5b:92:e5:34 brd ff:ff:ff:ff:ff:ff
4: weave: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1376 qdisc noqueue state UP group default qlen 1000
link/ether 56:e8:53:e1:1e:e5 brd ff:ff:ff:ff:ff:ff
inet 10.244.0.1/16 brd 10.244.255.255 scope global weave
valid_lft forever preferred_lft forever
# Check the pod IP range (2)
$ k describe po weave-net-wpzcs -n kube-system
...
Environment:
HOSTNAME: (v1:spec.nodeName)
IPALLOC_RANGE: 10.244.0.0/16
INIT_CONTAINER: true
...
# Check the service IP range
$ cat /etc/kubernetes/manifests/kube-apiserver.yaml
...
- --service-cluster-ip-range=10.96.0.0/12
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
image: registry.k8s.io/kube-apiserver:v1.27.0
imagePullPolicy: IfNotPresent
...
$ k logs kube-proxy-5496h -n kube-system
I0620 11:12:35.875781 1 node.go:141] Successfully retrieved node IP: 192.21.135.9
I0620 11:12:35.875918 1 server_others.go:110] "Detected node IP" address="192.21.135.9"
I0620 11:12:35.875967 1 server_others.go:551] "Using iptables proxy"
I0620 11:12:35.920351 1 server_others.go:190] "Using iptables Proxier"
I0620 11:12:35.920408 1 server_others.go:197] "kube-proxy running in dual-stack mode" ipFamily=IPv4
I0620 11:12:35.920419 1 server_others.go:198] "Creating dualStackProxier for iptables"
I0620 11:12:35.920449 1 server_others.go:481] "Detect-local-mode set to ClusterCIDR, but no IPv6 cluster CIDR defined, defaulting to no-op detect-local for IPv6"
I0620 11:12:35.920499 1 proxier.go:253] "Setting route_localnet=1 to allow node-ports on localhost; to change this either disable iptables.localhostNodePorts (--iptables-localhost-nodeports) or set nodePortAddresses (--nodeport-addresses) to filter loopback addresses"
$ k get ds -n kube-system
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-proxy 2 2 2 2 2 kubernetes.io/os=linux 33m
weave-net 2 2 2 2 2 <none> 32m
Practice Test - CoreDNS in kubernetes
$ k get po -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-5d78c9869d-bkpj2 1/1 Running 0 3m5s
coredns-5d78c9869d-zn2bk 1/1 Running 0 3m5s
etcd-controlplane 1/1 Running 0 3m22s
kube-apiserver-controlplane 1/1 Running 0 3m21s
kube-controller-manager-controlplane 1/1 Running 0 3m19s
kube-proxy-rm9h8 1/1 Running 0 3m6s
kube-scheduler-controlplane 1/1 Running 0 3m24s
$ k get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 3m41s
$ k describe deploy coredns -n kube-system
Name: coredns
Namespace: kube-system
CreationTimestamp: Tue, 20 Jun 2023 07:43:03 -0400
Labels: k8s-app=kube-dns
Annotations: deployment.kubernetes.io/revision: 1
Selector: k8s-app=kube-dns
Replicas: 2 desired | 2 updated | 2 total | 2 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 1 max unavailable, 25% max surge
Pod Template:
Labels: k8s-app=kube-dns
Service Account: coredns
Containers:
coredns:
Image: registry.k8s.io/coredns/coredns:v1.10.1
Ports: 53/UDP, 53/TCP, 9153/TCP
Host Ports: 0/UDP, 0/TCP, 0/TCP
Args:
-conf
/etc/coredns/Corefile
...
$ k describe cm coredns -n kube-system
Name: coredns
Namespace: kube-system
Labels: <none>
Annotations: <none>
Data
====
Corefile:
----
.:53 {
    errors
    health {
       lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       pods insecure
       fallthrough in-addr.arpa ip6.arpa
       ttl 30
    }
    prometheus :9153
    forward . /etc/resolv.conf {
       max_concurrent 1000
    }
    cache 30
    loop
    reload
    loadbalance
}
BinaryData
====
Events: <none>
$ k get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
hr 1/1 Running 0 10m 10.244.0.5 controlplane <none> <none>
simple-webapp-1 1/1 Running 0 10m 10.244.0.7 controlplane <none> <none>
simple-webapp-122 1/1 Running 0 10m 10.244.0.8 controlplane <none> <none>
test 1/1 Running 0 10m 10.244.0.6 controlplane <none> <none>
$ k get ep
NAME ENDPOINTS AGE
kubernetes 192.23.1.6:6443 13m
test-service 10.244.0.6:8080 10m
web-service 10.244.0.5:80 10m
$ k get po -n payroll -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql 1/1 Running 0 2m19s 10.244.0.10 controlplane <none> <none>
web 1/1 Running 0 16m 10.244.0.4 controlplane <none> <none>
$ k get ep -n payroll
NAME ENDPOINTS AGE
mysql 10.244.0.10:3306 2m28s
web-service 10.244.0.4:80 16m
$ k get svc -n payroll
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mysql ClusterIP 10.105.253.46 <none> 3306/TCP 2m37s
web-service ClusterIP 10.102.8.236 <none> 80/TCP 16m
$ k get po
NAME READY STATUS RESTARTS AGE
hr 1/1 Running 0 16m
simple-webapp-1 1/1 Running 0 16m
simple-webapp-122 1/1 Running 0 16m
test 1/1 Running 0 16m
webapp-54b76556d-4xmdh 1/1 Running 0 3m12s
$ k edit deploy webapp
...
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: webapp
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: webapp
    spec:
      containers:
      - env:
        - name: DB_Host
          value: mysql.payroll
...
$ k replace -f /tmp/kubectl-edit-2303023652.yaml --force
$ k exec -it hr -- nslookup mysql.payroll >> /root/CKA/nslookup.out
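Why `mysql` alone does not resolve from the `webapp` pod in the `default` namespace while `mysql.payroll` does, as an added example that is not part of the original post. It assumes the pod uses the default `ClusterFirst` search list (`<namespace>.svc.cluster.local svc.cluster.local cluster.local`) with `ndots:5` and a glibc-style resolver; the function names and the service table are constructed from the outputs above.

```shell
#!/bin/sh
# Constructed table: Services listed in the outputs above, as <service>.<namespace>.
SERVICES="kubernetes.default kube-dns.kube-system test-service.default
web-service.default mysql.payroll web-service.payroll"
CLUSTER_DOMAIN="cluster.local"  # zone served by the kubernetes plugin in the Corefile
NDOTS=5                         # assumption: default ndots for ClusterFirst pods

# candidates NAME POD_NAMESPACE
# Prints, in order, the FQDNs the pod's resolver queries for NAME.
candidates() {
  name=$1 ns=$2
  case $name in
    *.) printf '%s\n' "$name"; return 0 ;;  # trailing dot: absolute, no search list
  esac
  dots=$(( $(printf '%s' "$name" | tr -cd '.' | wc -c) ))
  # With at least NDOTS dots the name is tried as-is first, otherwise last.
  if [ "$dots" -ge "$NDOTS" ]; then printf '%s.\n' "$name"; fi
  for suffix in "$ns.svc.$CLUSTER_DOMAIN" "svc.$CLUSTER_DOMAIN" "$CLUSTER_DOMAIN"; do
    printf '%s.%s.\n' "$name" "$suffix"
  done
  if [ "$dots" -lt "$NDOTS" ]; then printf '%s.\n' "$name"; fi
}

# first_match NAME POD_NAMESPACE
# Prints the first candidate that names a known Service; returns 1 if none does.
first_match() {
  for fqdn in $(candidates "$1" "$2"); do
    for svc in $SERVICES; do
      if [ "$fqdn" = "$svc.svc.$CLUSTER_DOMAIN." ]; then
        printf '%s\n' "$fqdn"
        return 0
      fi
    done
  done
  return 1
}

# The webapp pod runs in "default"; the database Service lives in "payroll".
for q in mysql mysql.payroll web-service; do
  printf '%-14s from default -> %s\n' "$q" "$(first_match "$q" default || echo NXDOMAIN)"
done
printf '%-14s from payroll -> %s\n' web-service "$(first_match web-service payroll)"
```

The last two lines of output show that the short name `web-service` lands on a different Service depending on the caller's namespace, which is why cross-namespace dependencies are safer written as `<service>.<namespace>` or as the full name.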
Practice Test - Ingress Networking
$ k get ns
NAME STATUS AGE
app-space Active 2m
default Active 3m45s
ingress-nginx Active 116s
kube-flannel Active 3m36s
kube-node-lease Active 3m45s
kube-public Active 3m45s
kube-system Active 3m46s
$ k get po -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-8w48m 0/1 Completed 0 119s
ingress-nginx-admission-patch-75zl4 0/1 Completed 1 119s
ingress-nginx-controller-5d48d5445f-zgtn5 1/1 Running 0 119s
$ k get deploy -n ingress-nginx
NAME READY UP-TO-DATE AVAILABLE AGE
ingress-nginx-controller 1/1 1 1 2m21s
$ k get ing -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
app-space ingress-wear-watch <none> * 10.100.149.116 80 3m35s
$ k describe ing ingress-wear-watch -n app-space
Name: ingress-wear-watch
Labels: <none>
Namespace: app-space
Address: 10.100.149.116
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
*
/wear wear-service:8080 (10.244.0.4:8080)
/watch video-service:8080 (10.244.0.5:8080)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: false
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 3m47s (x2 over 3m47s) nginx-ingress-controller Scheduled for sync
Modify the ingress
$ k edit ing ingress-wear-watch -n app-space
...
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  creationTimestamp: "2023-06-22T12:45:39Z"
  generation: 1
  name: ingress-wear-watch
  namespace: app-space
  resourceVersion: "798"
  uid: 2699d398-fb27-40a0-8dc2-63b5a8cc4355
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: wear-service
            port:
              number: 8080
        path: /wear
        pathType: Prefix
      - backend:
          service:
            name: video-service
            port:
              number: 8080
        path: /stream
        pathType: Prefix
...
## Add a service
$ k get svc -n app-space
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default-backend-service ClusterIP 10.97.121.149 <none> 80/TCP 10m
food-service ClusterIP 10.108.208.50 <none> 8080/TCP 32s
video-service ClusterIP 10.98.158.89 <none> 8080/TCP 10m
wear-service ClusterIP 10.111.202.58 <none> 8080/TCP 10m
$ k edit ing ingress-wear-watch -n app-space
...
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: wear-service
            port:
              number: 8080
        path: /wear
        pathType: Prefix
      - backend:
          service:
            name: video-service
            port:
              number: 8080
        path: /stream
        pathType: Prefix
      - backend:
          service:
            name: food-service
            port:
              number: 8080
        path: /eat
        pathType: Prefix
...
Create the ingress
$ k get ns
NAME STATUS AGE
app-space Active 14m
critical-space Active 2m20s
default Active 16m
ingress-nginx Active 14m
kube-flannel Active 16m
kube-node-lease Active 16m
kube-public Active 16m
kube-system Active 16m
$ k get deploy -n critical-space
NAME READY UP-TO-DATE AVAILABLE AGE
webapp-pay 1/1 1 1 2m34s
$ k get svc -n critical-space -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
pay-service ClusterIP 10.100.200.192 <none> 8282/TCP 7m3s app=webapp-pay
$ cat <<EOT > ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-critical
  namespace: critical-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /pay
        backend:
          service:
            name: pay-service
            port:
              number: 8282
EOT
$ k apply -f ingress.yaml
Reference: https://kubernetes.github.io/ingress-nginx/examples/rewrite/
Practice Test - Ingress Networking 2
Install the ingress controller
$ k create ns ingress-nginx
$ k create cm ingress-nginx-controller -n ingress-nginx
$ k create sa ingress-nginx -n ingress-nginx
$ k create sa ingress-nginx-admission -n ingress-nginx
$ cp /root/ingress-controller.yaml /root/ingress-controller-tmp.yaml
$ vi /root/ingress-controller-tmp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.1.2
    helm.sh/chart: ingress-nginx-4.0.18
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  minReadySeconds: 0
  revisionHistoryLimit: 10
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --election-id=ingress-controller-leader
        - --watch-ingress-without-class=true
        - --default-backend-service=app-space/default-http-backend
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: registry.k8s.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission
---
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.1.2
    helm.sh/chart: ingress-nginx-4.0.18
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30080
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
$ k apply -f /root/ingress-controller-tmp.yaml
Create the ingress
$ cat <<EOT > ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
  namespace: app-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  defaultBackend:
    service:
      name: default-http-backend
      port:
        number: 80
  rules:
  - http:
      paths:
      - path: /wear
        pathType: Prefix
        backend:
          service:
            name: wear-service
            port:
              number: 8080
      - path: /watch
        pathType: Prefix
        backend:
          service:
            name: video-service
            port:
              number: 8080
EOT
$ k apply -f ingress.yaml