- Kubernetes manages most of its resources in a form called "objects"
- An object is a concept not far removed from an abstracted set of things
Use "kubectl api-resources" to find out which objects are available
[root@master ~]# kubectl api-resources
NAME SHORTNAMES APIVERSION NAMESPACED KIND
bindings v1 true Binding
componentstatuses cs v1 false ComponentStatus
configmaps cm v1 true ConfigMap
endpoints ep v1 true Endpoints
events ev v1 true Event
limitranges limits v1 true LimitRange
namespaces ns v1 false Namespace
nodes no v1 false Node
persistentvolumeclaims pvc v1 true PersistentVolumeClaim
persistentvolumes pv v1 false PersistentVolume
pods po v1 true Pod
podtemplates v1 true PodTemplate
replicationcontrollers rc v1 true ReplicationController
resourcequotas quota v1 true ResourceQuota
secrets v1 true Secret
serviceaccounts sa v1 true ServiceAccount
services svc v1 true Service
mutatingwebhookconfigurations admissionregistration.k8s.io/v1 false MutatingWebhookConfiguration
validatingadmissionpolicies admissionregistration.k8s.io/v1 false ValidatingAdmissionPolicy
validatingadmissionpolicybindings admissionregistration.k8s.io/v1 false ValidatingAdmissionPolicyBinding
validatingwebhookconfigurations admissionregistration.k8s.io/v1 false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io/v1 false CustomResourceDefinition
apiservices apiregistration.k8s.io/v1 false APIService
controllerrevisions apps/v1 true ControllerRevision
daemonsets ds apps/v1 true DaemonSet
deployments deploy apps/v1 true Deployment
replicasets rs apps/v1 true ReplicaSet
statefulsets sts apps/v1 true StatefulSet
selfsubjectreviews authentication.k8s.io/v1 false SelfSubjectReview
tokenreviews authentication.k8s.io/v1 false TokenReview
localsubjectaccessreviews authorization.k8s.io/v1 true LocalSubjectAccessReview
selfsubjectaccessreviews authorization.k8s.io/v1 false SelfSubjectAccessReview
selfsubjectrulesreviews authorization.k8s.io/v1 false SelfSubjectRulesReview
subjectaccessreviews authorization.k8s.io/v1 false SubjectAccessReview
horizontalpodautoscalers hpa autoscaling/v2 true HorizontalPodAutoscaler
cronjobs cj batch/v1 true CronJob
jobs batch/v1 true Job
certificatesigningrequests csr certificates.k8s.io/v1 false CertificateSigningRequest
leases coordination.k8s.io/v1 true Lease
bgpconfigurations crd.projectcalico.org/v1 false BGPConfiguration
bgpfilters crd.projectcalico.org/v1 false BGPFilter
bgppeers crd.projectcalico.org/v1 false BGPPeer
blockaffinities crd.projectcalico.org/v1 false BlockAffinity
caliconodestatuses crd.projectcalico.org/v1 false CalicoNodeStatus
clusterinformations crd.projectcalico.org/v1 false ClusterInformation
felixconfigurations crd.projectcalico.org/v1 false FelixConfiguration
globalnetworkpolicies crd.projectcalico.org/v1 false GlobalNetworkPolicy
globalnetworksets crd.projectcalico.org/v1 false GlobalNetworkSet
hostendpoints crd.projectcalico.org/v1 false HostEndpoint
ipamblocks crd.projectcalico.org/v1 false IPAMBlock
ipamconfigs crd.projectcalico.org/v1 false IPAMConfig
ipamhandles crd.projectcalico.org/v1 false IPAMHandle
ippools crd.projectcalico.org/v1 false IPPool
ipreservations crd.projectcalico.org/v1 false IPReservation
kubecontrollersconfigurations crd.projectcalico.org/v1 false KubeControllersConfiguration
networkpolicies crd.projectcalico.org/v1 true NetworkPolicy
networksets crd.projectcalico.org/v1 true NetworkSet
tiers crd.projectcalico.org/v1 false Tier
endpointslices discovery.k8s.io/v1 true EndpointSlice
events ev events.k8s.io/v1 true Event
flowschemas flowcontrol.apiserver.k8s.io/v1 false FlowSchema
prioritylevelconfigurations flowcontrol.apiserver.k8s.io/v1 false PriorityLevelConfiguration
ingressclasses networking.k8s.io/v1 false IngressClass
ingresses ing networking.k8s.io/v1 true Ingress
networkpolicies netpol networking.k8s.io/v1 true NetworkPolicy
runtimeclasses node.k8s.io/v1 false RuntimeClass
poddisruptionbudgets pdb policy/v1 true PodDisruptionBudget
adminnetworkpolicies anp policy.networking.k8s.io/v1alpha1 false AdminNetworkPolicy
clusterrolebindings rbac.authorization.k8s.io/v1 false ClusterRoleBinding
clusterroles rbac.authorization.k8s.io/v1 false ClusterRole
rolebindings rbac.authorization.k8s.io/v1 true RoleBinding
roles rbac.authorization.k8s.io/v1 true Role
priorityclasses pc scheduling.k8s.io/v1 false PriorityClass
csidrivers storage.k8s.io/v1 false CSIDriver
csinodes storage.k8s.io/v1 false CSINode
csistoragecapacities storage.k8s.io/v1 true CSIStorageCapacity
storageclasses sc storage.k8s.io/v1 false StorageClass
volumeattachments storage.k8s.io/v1 false VolumeAttachment
- To see a short description of a particular object, use the kubectl explain command
[root@master ~]# kubectl explain pod
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <ObjectMeta>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <PodSpec>
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <PodStatus>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- Kubernetes can be driven with commands, but YAML files are used far more often
Kubernetes can create or delete resources from YAML files. Configuration values (ConfigMap), secret values (Secrets), controllers and so on are all defined and used as YAML files.
Kubernetes node roles are divided into two broad kinds, master and worker. The master node manages the cluster so that Kubernetes keeps working correctly; application containers are created on the worker nodes.
Kubernetes runs many components as containers: the API server, controller manager, scheduler, DNS server, proxy, network plugin and more. Running the crictl command on the master node lists a large number of containers.
[root@master ~]# crictl ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD NAMESPACE
9122b5b9e5017 6331715a2ae96 7 hours ago Running calico-kube-controllers 1 e384deb5b5ce2 calico-kube-controllers-69d8557557-wwfpv kube-system
e21971d2e4045 c69fa2e9cbf5f 7 hours ago Running coredns 1 51b0e957d7a22 coredns-5c54f84c97-75kbf kube-system
d561e7329b19c feb26d4585d68 7 hours ago Running calico-node 1 514a29258c22b calico-node-4phb8 kube-system
787f748dcdf28 59d295ba73230 7 hours ago Running node-cache 1 d976f7c929d2b nodelocaldns-p6q8x kube-system
82600f89833ed 040f9f8aac8cd 7 hours ago Running kube-proxy 1 090b87b0e7f21 kube-proxy-qdwpd kube-system
329ab2484d58f c2e17b8d0f4a3 7 hours ago Running kube-apiserver 2 26479b6b7e078 kube-apiserver-master kube-system
6a96b38d703b0 a389e107f4ff1 7 hours ago Running kube-scheduler 3 45c7d85583866 kube-scheduler-master kube-system
4ba80ee722150 8cab3d2a8bd0f 7 hours ago Running kube-controller-manager 3 48dd714f52229 kube-controller-manager-master kube-system
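Both listings above are column-aligned text, and the empty SHORTNAMES cells in the api-resources table (secrets, clusterrolebindings, ...) mean a plain whitespace split puts values in the wrong column. The following is an added example, not part of the original notes or of kubectl/crictl, that parses this kind of output by the column offsets in the header row and then answers two inventory questions from it: which resources are cluster-scoped (outside any namespace, so only a ClusterRole can grant access to them), and which containers run in which namespace on the node. The two tables are constructed subsets of the outputs shown above, padded the way the tools pad them; the three-space gutter is an assumption about that padding.

```python
"""Parse the column-aligned output of `kubectl api-resources` and `crictl ps`
into records, then answer inventory questions from them.

Both tools print a header row and pad every cell with spaces so columns line
up; an empty cell (a resource without SHORTNAMES) is just spaces, so naive
whitespace splitting shifts the remaining fields. The parser reads the header
to learn where each column starts and assigns every token on a row to the
nearest column start.
"""
import re
from collections import defaultdict
from typing import Dict, List

# A token is a run of non-space characters joined by single spaces ("7 hours ago",
# "POD ID"); columns are separated by two or more spaces.
_TOKEN = re.compile(r"\S+(?: \S+)*")

# Constructed sample: a subset of the api-resources listing from the notes,
# padded as kubectl pads it (left-aligned columns with a three-space gutter).
API_RESOURCES = """\
NAME                        SHORTNAMES   APIVERSION                     NAMESPACED   KIND
configmaps                  cm           v1                             true         ConfigMap
namespaces                  ns           v1                             false        Namespace
pods                        po           v1                             true         Pod
secrets                                  v1                             true         Secret
clusterrolebindings                      rbac.authorization.k8s.io/v1   false        ClusterRoleBinding
customresourcedefinitions   crd,crds     apiextensions.k8s.io/v1        false        CustomResourceDefinition
"""

# Constructed sample: three rows of the crictl ps output from the notes, same padding rule.
CRICTL_PS = """\
CONTAINER       IMAGE           CREATED       STATE     NAME                      ATTEMPT   POD ID          POD                                        NAMESPACE
9122b5b9e5017   6331715a2ae96   7 hours ago   Running   calico-kube-controllers   1         e384deb5b5ce2   calico-kube-controllers-69d8557557-wwfpv   kube-system
82600f89833ed   040f9f8aac8cd   7 hours ago   Running   kube-proxy                1         090b87b0e7f21   kube-proxy-qdwpd                           kube-system
329ab2484d58f   c2e17b8d0f4a3   7 hours ago   Running   kube-apiserver            2         26479b6b7e078   kube-apiserver-master                      kube-system
"""


def parse_table(text: str) -> List[Dict[str, str]]:
    """Turn aligned tabular output into a list of {column: value} dicts."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = [(m.group(), m.start()) for m in _TOKEN.finditer(lines[0])]
    names = [name for name, _ in header]
    starts = [start for _, start in header]
    rows: List[Dict[str, str]] = []
    for line in lines[1:]:
        row = {name: "" for name in names}  # empty cells stay empty
        for m in _TOKEN.finditer(line):
            # Nearest column start wins; this tolerates a cell that is a
            # character or two off and never shifts later fields.
            idx = min(range(len(starts)), key=lambda i: abs(starts[i] - m.start()))
            row[names[idx]] = m.group()
        rows.append(row)
    return rows


def cluster_scoped(rows: List[Dict[str, str]]) -> List[str]:
    """Resources that are not namespaced. A namespace-level Role cannot grant
    access to these, so they belong in a ClusterRole review."""
    return [r["NAME"] for r in rows if r["NAMESPACED"] == "false"]


def short_name_index(rows: List[Dict[str, str]]) -> Dict[str, str]:
    """Map each short name (comma-separated in SHORTNAMES) to its full resource name."""
    index: Dict[str, str] = {}
    for r in rows:
        for short in filter(None, r["SHORTNAMES"].split(",")):
            index[short] = r["NAME"]
    return index


def containers_by_namespace(rows: List[Dict[str, str]]) -> Dict[str, list]:
    """Group running containers by the namespace of their pod: a baseline for
    noticing a container that does not belong on a control-plane node."""
    grouped = defaultdict(list)
    for r in rows:
        grouped[r["NAMESPACE"]].append((r["NAME"], r["POD"]))
    return dict(grouped)


if __name__ == "__main__":
    resources = parse_table(API_RESOURCES)
    print("cluster-scoped:", cluster_scoped(resources))
    print("short names:", short_name_index(resources))
    for ns, containers in containers_by_namespace(parse_table(CRICTL_PS)).items():
        print(ns, containers)
```

On a live cluster, kubectl api-resources --namespaced=false answers the first question directly; the parser is for captured output (an incident export, a ticket, notes like these) where only the text survives.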
An agent called kubelet runs on every node; it creates and deletes containers and also handles communication between the master and worker nodes. If kubelet is not running properly, that node may fail to connect to Kubernetes correctly.
Pods
The basic unit of a container application is called a pod, and a pod is a set of one or more containers. Because the pod is the most fundamental and important concept in Kubernetes, it is worth making sure you understand it before moving on.
In the Docker engine the basic unit is the Docker container, and in swarm mode the basic unit is a service made up of several containers. Kubernetes uses the pod as its basic unit for deploying container applications. A single pod may hold one container or several.

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    - containerPort: 80
https://kubernetes.io/ko/docs/concepts/workloads/pods/
Pods
A Pod is the smallest deployable unit of computing that you can create and manage in Kubernetes. A Pod (as in a pod of whales or a pea pod) is a group of one or more containers.
Sidecar Containers test
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: alpine:latest
          command: ['sh', '-c', 'while true; do echo "logging" >> /opt/logs.txt; sleep 1; done']
          volumeMounts:
            - name: data
              mountPath: /opt
      initContainers:
        - name: logshipper
          image: alpine:latest
          restartPolicy: Always
          command: ['sh', '-c', 'tail -F /opt/logs.txt']
          volumeMounts:
            - name: data
              mountPath: /opt
      volumes:
        - name: data
          emptyDir: {}
https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
Sidecar Containers
FEATURE STATE: Kubernetes v1.29 [beta] Sidecar containers are the secondary containers that run along with the main application container within the same Pod. These containers are used to enhance or to extend the functionality of the primary app container
[root@master pod]# kubectl create -f sidecar-pod.yaml
deployment.apps/myapp created
[root@master pod]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-55d976bcf9-d5gxs 0/2 Init:0/1 0 10s <none> node1 <none> <none>
[root@master pod]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-55d976bcf9-d5gxs 2/2 Running 0 14s 10.233.102.130 node1 <none> <none>
[root@master pod]# kubectl exec myapp-55d976bcf9-d5gxs -c logshipper -it -- cat /opt/logs.txt
logging
logging
logging
logging
logging
logging
logging
logging
logging
logging
logging
logging

- Running kubectl exec myapp-55d976bcf9-d5gxs -c logshipper -it -- tail -f /opt/logs.txt shows "logging" being appended continuously.
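Relating the two manifests above to what actually runs in the pod: which entries are app containers, which are sidecars (initContainers with restartPolicy: Always, the v1.29 feature tested here) and which are one-shot init containers. The following is an added example, not code from these notes or from the Kubernetes project. It classifies the containers of a PodSpec and runs a few hardening checks over them: a mutable image tag (alpine:latest), no resource limits, runAsNonRoot unset, and an emptyDir writable from more than one container. The Deployment from the notes is transcribed as a Python dict so the example runs without PyYAML (with PyYAML you would pass yaml.safe_load(...) instead); the check names and messages are my own.

```python
"""Static checks over a PodSpec: container roles and a few hardening findings."""
from typing import Dict, List

# The sidecar Deployment from the notes, transcribed as a dict so the example
# needs no YAML library (in practice: spec = yaml.safe_load(open(path))).
SIDECAR_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "myapp", "labels": {"app": "myapp"}},
    "spec": {
        "replicas": 1,
        "selector": {"matchLabels": {"app": "myapp"}},
        "template": {
            "metadata": {"labels": {"app": "myapp"}},
            "spec": {
                "containers": [{
                    "name": "myapp", "image": "alpine:latest",
                    "command": ["sh", "-c", 'while true; do echo "logging" >> /opt/logs.txt; sleep 1; done'],
                    "volumeMounts": [{"name": "data", "mountPath": "/opt"}],
                }],
                "initContainers": [{
                    "name": "logshipper", "image": "alpine:latest",
                    "restartPolicy": "Always",
                    "command": ["sh", "-c", "tail -F /opt/logs.txt"],
                    "volumeMounts": [{"name": "data", "mountPath": "/opt"}],
                }],
                "volumes": [{"name": "data", "emptyDir": {}}],
            },
        },
    },
}


def pod_spec(manifest: dict) -> dict:
    """Return the PodSpec for a bare Pod or for a workload carrying a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest["spec"]
    return manifest["spec"]["template"]["spec"]


def classify_containers(spec: dict) -> Dict[str, str]:
    """Map container name -> 'app' | 'sidecar' | 'init'."""
    roles = {c["name"]: "app" for c in spec.get("containers", [])}
    for c in spec.get("initContainers", []):
        # Since v1.29 an init container with restartPolicy: Always is a sidecar:
        # started before the app containers and kept running alongside them.
        # Without it, the init container must exit before the app starts.
        roles[c["name"]] = "sidecar" if c.get("restartPolicy") == "Always" else "init"
    return roles


def image_tag(image: str) -> str:
    """Tag of an image reference; '' when untagged, 'digest' when pinned by @sha256."""
    last = image.rsplit("/", 1)[-1]  # drop registry/repository path (may contain ':port')
    if "@" in last:
        return "digest"
    return last.split(":", 1)[1] if ":" in last else ""


def lint_pod_spec(spec: dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    all_containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in all_containers:
        if image_tag(c["image"]) in ("", "latest"):
            findings.append(f"{c['name']}: image '{c['image']}' uses a mutable tag; pin a version or digest")
        if "limits" not in c.get("resources", {}):
            findings.append(f"{c['name']}: no resources.limits")
        if not c.get("securityContext", {}).get("runAsNonRoot"):
            findings.append(f"{c['name']}: securityContext.runAsNonRoot not set")
    # A volume mounted read-write by several containers is a shared writable
    # surface; a log reader like the sidecar here only needs readOnly: true.
    mounts: Dict[str, list] = {}
    for c in all_containers:
        for m in c.get("volumeMounts", []):
            mounts.setdefault(m["name"], []).append((c["name"], m.get("readOnly", False)))
    for vol, users in mounts.items():
        writers = [name for name, read_only in users if not read_only]
        if len(users) > 1 and len(writers) > 1:
            findings.append(f"volume '{vol}' is writable from {', '.join(writers)}; "
                            "mount it readOnly where only reads are needed")
    return findings


if __name__ == "__main__":
    spec = pod_spec(SIDECAR_DEPLOYMENT)
    print(classify_containers(spec))
    for finding in lint_pod_spec(spec):
        print("-", finding)
```

The role split is the part worth keeping in mind when reading kubectl get pods: the 0/2 Init:0/1 status seen above is the sidecar starting first, and 2/2 Running counts it as a regular container for the rest of the pod's life.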