[CKA][실습] 4. Application Lifecycle Management (2)

Practice Test - Env Variables

$ k get po webapp-color -o yaml >> pod.yaml
## env 값 변경(pink -> green)
$ vi pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-02-19T05:27:47Z"
  labels:
    name: webapp-color
  name: webapp-color
  namespace: default
  resourceVersion: "1004"
  uid: df82c20b-2e0b-405f-87d1-ab206c40ae7a
spec:
  containers:
  - env:
    - name: APP_COLOR
      value: green
    image: kodekloud/webapp-color
...
## pod 재생성
$ k replace -f pod.yaml  --force
pod "webapp-color" deleted
pod/webapp-color replaced

$ k get cm
NAME               DATA   AGE
kube-root-ca.crt   1      29m
db-config          3      9s

• ConfigMap 생성

apiVersion: v1
data:
  APP_COLOR: darkblue
kind: ConfigMap
metadata:
  name: webapp-config-map
  namespace: default

• 환경변수 ConfigMap 참조로 수정

$ k get po webapp-color -o yaml >> pod-cm.yaml
$ vi pod-cm.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-02-19T05:36:16Z"
  labels:
    name: webapp-color
  name: webapp-color
  namespace: default
  resourceVersion: "1173"
  uid: e84a0b00-f5b5-4bae-8871-f420a4779743
spec:
  containers:
  - env:
    - name: APP_COLOR
      valueFrom:
        configMapKeyRef:
          name: webapp-config-map
          key: APP_COLOR
    image: kodekloud/webapp-color
 ...
 
 $ k repace -f pod-cm.yaml --force

---

Practice Test - secrets

secret 생성

• [방법 1] kubectl create secret 명령어

## secret 생성 명령어 확인
$ k create secret generic -h
Create a secret based on a file, directory, or specified literal value.

 A single secret may package one or more key/value pairs.

 When creating a secret based on a file, the key will default to the basename of
the file, and the value will default to the file content. If the basename is an
invalid key or you wish to chose your own, you may specify an alternate key.

 When creating a secret based on a directory, each file whose basename is a
valid key in the directory will be packaged into the secret. Any directory
entries except regular files are ignored (e.g. subdirectories, symlinks,
devices, pipes, etc).

Examples:
  # Create a new secret named my-secret with keys for each file in folder bar
  kubectl create secret generic my-secret --from-file=path/to/bar
  
  # Create a new secret named my-secret with specified keys instead of names on
disk
  kubectl create secret generic my-secret
--from-file=ssh-privatekey=path/to/id_rsa
--from-file=ssh-publickey=path/to/id_rsa.pub
  
  # Create a new secret named my-secret with key1=supersecret and key2=topsecret
  kubectl create secret generic my-secret --from-literal=key1=supersecret
--from-literal=key2=topsecret

## secret 생성
k create secret generic db-secret --from-literal=DB_Host=sql01 --from-literal=DB_User=root --from-literal=DB_Password=password123

• [방법 2] secret yaml 파일 (echo -n 'password123' | base64 처럼 encode 한 값을 기재해야 함)

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
data:
  DB_Host: c3FsMDE=
  DB_User: cm9vdA==
  DB_Password: cGFzc3dvcmQxMjM=

• Pod에서 secret 참조하게 수정 (문서)

$ k get po webapp-pod -o yaml >> pod-secret.yaml
$ vi pod-secret.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-02-19T05:58:22Z"
  labels:
    name: webapp-pod
  name: webapp-pod
  namespace: default
  resourceVersion: "891"
  uid: 02a8a2a6-f271-4c00-9c1c-96f19ebb2940
spec:
  containers:
  - image: kodekloud/simple-webapp-mysql
    imagePullPolicy: Always
    name: webapp
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    envFrom:
    - secretRef:
        name: db-secret
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-n7kd8
      readOnly: true
...
$ k replace -f pod-secret.yaml --force

---

Practice Test - Multi Container Pods

$ k run yellow --image=busybox --dry-run=client -o yaml >> pod.yaml
$ vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: yellow
spec:
  containers:
  - image: busybox
    name: lemon
    command:
    - sleep
    - "1000"
  - image: redis
    name: gold
status: {}
$ k replace -f pod.yaml --force

$ k get po app -n elastic-stack -o yaml >> app.yaml
$ vi app.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-02-19T06:49:14Z"
  labels:
    name: app
  name: app
  namespace: elastic-stack
  resourceVersion: "684"
  uid: a6813101-57d0-49b7-9a23-8695cecb0344
spec:
  containers:
  - image: kodekloud/event-simulator
    imagePullPolicy: Always
    name: app
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /log
      name: log-volume
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-zhj86
      readOnly: true
  - image:  kodekloud/filebeat-configured
    name: sidecar
    volumeMounts:
    - mountPath: /var/log/event-simulator/
      name: log-volume
 ...
 $ k replace -f app.yaml --force

---

Practice Test - Init Containers (문서)

• Pod에 init container 추가

$ k get po red -o yaml >> red.yaml
$ vi red.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-02-19T07:31:26Z"
  name: red
  namespace: default
  resourceVersion: "823"
  uid: 751c434a-4842-4b2e-b56d-7ac0e6cdd8e9
spec:
  containers:
  - command:
    - sh
    - -c
    - echo The app is running! && sleep 3600
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    name: red-container
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-l8nxb
      readOnly: true
  initContainers:
  - name: init
    image: busybox
    command: ["sleep", "20"]
  dnsPolicy: ClusterFirst
 ...
 $ k replace -f red.yaml --force

• 문제 있는 pod 수정

$ k describe po orange
...
  Warning  BackOff    3s (x3 over 16s)  kubelet            Back-off restarting failed container init-myservice in pod orange_default(4e12af02-afdc-47cc-b82f-29a7b9c79282)
$ k get po orange -o yaml >> orange.yaml
$ vi orange.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2023-02-19T07:42:08Z"
  name: orange
  namespace: default
  resourceVersion: "1099"
  uid: 4e12af02-afdc-47cc-b82f-29a7b9c79282
spec:
  containers:
  - command:
    - sh
    - -c
    - echo The app is running! && sleep 3600
    image: busybox:1.28
    imagePullPolicy: IfNotPresent
    name: orange-container
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-g68nh
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  initContainers:
  - command:
    - sh
    - -c
    - sleeeep 2; ##sleep 으로 수정
 ...
 $ k replace -f orange.yaml --force