はてなリモートインターン2020 Kubernetes 講義資料

Transcript

1. Kubernetes IBUFOBJOUFSO 

2. ,VCFSOFUFTהכ ˖ ؝ٝذشؔ٦؛أزٖ٦ءّٝך׋׭ךاؿزؐؑ، ˖ ؝ٝذشךرفٗ؎ծؔ٦زأ؛٦ؚٔٝ ˖ 暴䗙 ˖ 㹑鎉涸ז圓䧭盖椚 ˖

   إٕؿؼ٦ؚٔٝ ˖ ؟٦ؽأر؍أؕغٔ٦頾蚚ⴓ侔 ˖ 荈⹛⻉ׁ׸׋ٗ٦ٕ،ؐزٗ٦ٕغحؙ 

3. ؙٓأة ˖ وأة٦ظ٦سהٙ٦ؕ٦ظ٦سד 圓䧭ׁ׸׷ ˖ وأة٦ظ٦سָؙٓأة׾盖椚 ˖ ٙ٦ؕ٦ظ٦سד؝ٝذش׾㹋遤 

4. 1PE ˖ رفٗ؎ך剑㼭⽃⡘ ˖ 1PEכא⟃♳ך؝ٝذشַ׵圓䧭 ׁ׸׷ ˖ 3FQMJDB4FUכ1PEךٖفٔؕ侧׾盖 椚ׅ׷ ˖

   %FQMPZNFOUכ3FQMJDB4FU׾盖椚 ׃ծ1PE׾刿倜ׅ׷ 

5. 4FSWJDF ˖ 1PEח㼎׃גزٓؿ؍حؙ׾ٕ٦ذ؍ؚׅٝ׷ ➬穈׫ ˖ ؟٦ؽأر؍أؕغٔ ˖ ؙٓأةⰻך%/4״׶؟٦ؽأ׾䱱ֿׅה ָדֹ׷ ˖

   BDDPVOU؟٦ؽأכ
   account.hatena- intern-2020.svc.cluster.local
   הְֲ 䕎䒭ד%/4
   "ٖ؝٦سחⶴ׶䔲ג׵׸׷ 

6. ٔا٦أⵖꣲ ˖ 1PEח㼎׃גⶴ׶䔲ג׷$16װًٌٔךⵖꣲ׾遤ֲֿהָדֹ ׷ ˖ $16
   ؝، W$16 ׾N NJMMJDPSFT ה׃ג䭷㹀

   ˖ 銲実הⵖꣲ ˖ ♴ꣲה♳ꣲ׾䭷㹀דֹ׷ ˖ ظ٦سח1PE׾ꂁ縧ׅ׷ꥷח罋䣁ׁ׸׷ 

7. قٕأثؑحؙ ˖ 1PEָ姻׃ֻ⹛⡲׃גְ׷ַ然钠ׅ׷׋׭ך➬穈׫ ˖ MJWFOFTT ˖ ،فٔ؛٦ءָّٝ饯⹛׃ծ姻׃ֻ⹛⡲׃גְ׷ַוֲַ ˖ ثؑحָؙ鸐׵זַ׏׋הֹכ1PE׾ⱄ饯⹛ׅ׷ ˖

   SFBEJOFTT ˖ 1PEך彊⪒ָדֹגְ׷ַוֲַ ˖ ثؑحָؙ鸐׏׋הֹחزٓؿ؍حؙ׾「ֽⰅ׸׷ 

8. وصؿؑأز ˖ ٔا٦أ㹀纏ָ剅ַ׸׋:".- ˖ kubectl apply -f <manifest>
   ח״׏גLTؙٓأةח 黝欽 ˖

   ֿ׸ח״׶㹑鎉涸ז؝٦سח״׷盖椚ָ〳腉הז׷ ˖ *OGSBTUSVDUVSF
   BT
   $PEF 

9. ,VTUPNJ[F ˖ IUUQTHJUIVCDPNLVCFSOFUFTTJHTLVTUPNJ[F ˖ LTךوصؿؑأزך圓䧭׾ؕأةو؎ؤׅ׷׋׭ךخ٦ٕ ˖ kustomization.yaml
   חוךوصؿؑأز׾⢪ֲַծ TFDSFUװDPOHך鏣㹀זו׾鎸鶢ׅ׷ 

10. 4LBPME ˖ IUUQTTLBPMEEFW ˖ ؿ؋؎ٕך㢌刿׾嗚濼׃ג؝ٝذش؎ً٦آךؽٕسծ LT橆㞮פ⿾僥ׅ׷خ٦ٕ ˖ skaffold.yaml
    ח㼎韋הז׷ؿ؋؎ٕծEPDLFS؎ً٦آծ وصؿؑأز׾鎸鶢ׅ׷ 

11. ,VCFSOFUFTعٝؤؔٝ 

12. ،آؑٝت ˖ 痥♧鿇
    )BUFOB*OUFSO橆㞮ד麇רֲ ˖ 痥✳鿇
    鎸岀㢌䳔؟٦ؽأך鷄⸇ ˖ 痥♲鿇
    -FUT
    USZ
    ؔ٦زأ؛٦ٕ׾鏣㹀׃״ֲ 

13. 痥♧鿇 )BUFOB*OUFSO橆㞮ד麇רֲ 

14. ֿך儗꟦כعٝؤؔٝדׅ ˖ ♧筰ח䩛׾⹛ַ׃ג䩛⯋ך,VCFOFUFT橆㞮׾鍗׏ג׫ת׃׳ֲ ˖ github.com/hatena/Hatena-Intern-2020-Template
    ׾ ⯋ח׃׋ٔهآزٔ♳ד⡲噟׃תׅ ˖ 鎸鯹ׁ׸גְ׷؝وٝسכծٔهآزٕٔ٦زד㹋遤׃גֻ׌ְׁ ˖ ת׆כHJUךCSBODI׾ⴖ׶ת׃׳ֲ

    % git switch -c k8s-handson 

15. ؟٦ؽأך圓䧭 

16. وصؿؑأزך圓䧭 k8s ├── account │ ├── app.yaml │ ├── config

    │ │ └── schema.sql │ ├── db.yaml │ ├── kustomization.yaml │ ├── secret │ │ └── ecdsa-private.pem │ └── test.yaml ├── blog │ ├── app.yaml │ ├── config │ │ └── schema.sql │ ├── db.yaml │ ├── kustomization.yaml │ ├── secret │ │ └── account-ecdsa-public.pem │ └── test.yaml ├── kustomization.yaml ├── namespace.yaml ├── renderer-go │ ├── app.yaml │ └── kustomization.yaml └── system └── sa.yaml ˖ k8s
    ر؍ؙٖزָٔوصؿؑأز縧ֹ㜥 ˖ BDDPVOUCMPHSFOEFSFSHPהو؎ؙٗ؟٦ؽأ׀ החر؍ؙٖزٔ׾ⴓֽ׷ ˖ kustomization.yaml
    ָLVTUPNJ[Fך鏣㹀ؿ؋ ؎ٕ 

17. apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - app.yaml - db.yaml -

    test.yaml secretGenerator: - name: blog-app-secret files: - secret/account-ecdsa-public.pem configMapGenerator: - name: blog-app-env-vars literals: # (snip) - name: blog-db-schema-config files: - config/schema.sql 

18. 饯⹛ % make up skaffold dev !"cleanup=false ˖ http:!"localhost:8080/
    ח،ؙإأ׃ג׫ת׃׳ֲ ˖

    services/blog/templates/index.html
    ׾剅ֹ䳔ִגծ 㢌刿ָ⿾僥ׁ׸׷ֿה׾然钠׃ת׃׳ֲ 橆㞮ך⵴ꤐ % skaffold delete 

19. LVCFDUM׾⢪ֲ彊⪒ CBTI[TIדך؝وٝس酡㸣ך鏣㹀 # bash source <(kubectl completion bash) # zsh

    source <(kubectl completion zsh) ֶׅׅ׭
    ؒ؎ٔ،أך鏣㹀׾׃גֶֻ alias k=kubectl 

20. ؟٦ؽأָ饯⹛׃גְ׷ֿה׾然钠ׅ׷ DPOUFYUךⴖ׶剏ִ % kubectl config use-context hatena-intern-2020 

21. 1PEָ饯⹛ׅ׷圫㶨׾鋅״ֲ ♧䏝橆㞮׾⵴ꤐ׃גծ饯⹛׃湫׃ת׃׳ֲ % skaffold delete % make up ⴽך畭劣ד㹋遤׃ג1PEך朐䡾׾鋅׷ %

    kubectl get pods -w % kubectl describe pods 1PEָ饯⹛׃׋ֿה׾然钠׃גمأز⩎ַ׵
    http:!"localhost:8080/
    ח،ؙإأծـؚٗ׾⡲䧭׃ג׫ת׃׳ֲ 

22. رغحؚ # Podͷৄࡉ৘ใͷදࣔ % kubectl describe pod blog # ωʔϜεϖʔε্ʹ͋ΔϦιʔεͷ৘ใΛදࣔ

    % kubectl get all # ىಈ͍ͯ͠ΔPodͰγΣϧΛىಈ͢Δ % kubectl exec -it svc/account !" /bin/sh ˖ 饯⹛׃גְ׷فٗإأכ
    !
    ps ˖ CMPH؟٦ؽأח،ؙإأ
    !
    wget -q -O - blog:8080 ˖ !
    nslookup blog 

23. ر٦ةك٦أךرغحؚ 䩛⯋חNZTRM
    DMJFOUָזְ㜥さכأؗحف׃גֻ׌ְׁ # ϙʔτͷసૹ % kubectl port-forward svc/blog-db 13306:3306 #

    ϗετ͔ΒMySQLʹ઀ଓͰ͖ΔΑ͏ʹͳΔ % mysql -u root -h 127.0.0.1 -P 13306 

24. NFUSJDTTFSWFSך㼪Ⰵ ˖ IUUQTHJUIVCDPNLVCFSOFUFTTJHTNFUSJDTTFSWFS # docker desktopͷ৔߹ % wget -O k8s/system/metrics-server.yaml

    \ https:!"github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml # metrics-serverͷҾ਺ʹ!#kubelet-insecure-tlsΛ༩͑ͯىಈ͢Δ % perl -i -pe 's/^(\s*)- !#secure-port=4443$/$&\n$1- \ !#kubelet-insecure-tls/' k8s/system/metrics-server.yaml % kubectl apply -f k8s/system/metrics-server.yaml # minikubeͷ৔߹ % minikube addons enable metrics-server 

25. OPEFծQPEךًزؙٔأ׾《䖤 《䖤דֹ׷תדח儗꟦ַַָ׷ךד㼰׃䖉׏גַ׵㹋遤ׅ׷ % kubectl top nodes NAME CPU(cores) CPU% MEMORY(bytes)

    MEMORY% docker-desktop 469m 5% 1873Mi 32% % kubectl top pods NAME CPU(cores) MEMORY(bytes) account-86649c57b4-jq26g 2m 3Mi account-db-55579cb588-mmfv6 15m 345Mi account-test-59c689cdd4-q89rh 0m 1Mi blog-db-6f7f4c8797-rxtnz 15m 406Mi blog-test-86cff5d98c-ttp2z 0m 0Mi renderer-go-7d8d7fdf64-qhn95 5m 13Mi 

26. ,VCFSOFUFT
    %BTICPBSEך㼪Ⰵ ˖ IUUQTHJUIVCDPNLVCFSOFUFTEBTICPBSE # docker desktopͷ৔߹ % kubectl apply -f

    https:!"raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml # αΠϯΠϯ͢ΔͨΊͷτʔΫϯ % kubectl apply -f k8s/system/sa.yaml % kubectl -n kubernetes-dashboard describe secret \ $(kubectl -n kubernetes-dashboard get secret | grep hatena-intern-2020-admin-user | awk '{print $1}') % kubectl proxy # http:!"localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ ʹΞΫηε # minikubeͷ৔߹ % minikube dashboard 

27. 痥✳鿇 鎸岀㢌䳔؟٦ؽأך鷄⸇ 

28. 鎸岀㢌䳔؟٦ؽأ
    SFOEFSFS ˖ services/renderer-ts
    ח֮׷㹋鄲׾LT♳ד⹛ַׅ ˖ رؿٕؓزדכ
    services/renderer-go
    ָ⹛ְגְ׷ ˖ k8s/renderer-go
    ׾⿫罋חծk8s/renderer-ts
    ׾鷄⸇ 

29. وصؿؑأز ˖ 鷄⸇ׅ׷وصؿؑأز ˖ k8s/renderer-ts/kustomization.yaml ˖ k8s/renderer-ts/app.yaml ˖ 箟꧊ׅ׷وصؿؑأز ˖

    skaffold.yaml ˖ k8s/kustomization.yaml ˖ k8s/blog/kustomization.yaml 

30. وصؿؑأزך鷄⸇ % cp -R k8s/renderer-go k8s/renderer-ts % perl -i -pe

    's/renderer-go/renderer-ts/g' k8s/renderer-ts/*.yaml ˖ k8s/renderer-go
    ر؍ؙٖزٔ׾؝ؾ٦׃ג
    k8s/ renderer-ts
    ׾⡲䧭 ˖ وصؿؑأزⰻך
    renderer-go
    ׾
    renderer-ts
    ח縧ֹ䳔ִ 

31. وصؿؑأزך箟꧊ TLBPMEZBNM apiVersion: skaffold/v2beta5 kind: Config metadata: name: hatena-intern-2020 build:

    artifacts: # (snip) - image: hatena-intern-2020-renderer-go context: services/renderer-go - image: hatena-intern-2020-renderer-ts # ! context: services/renderer-ts # ! local: # (snip) ˖ services/renderer-ts
    ךEPDLFS؎ً٦آךؽٕسהLTؙٓأةפך⿾僥ָׁ׸׷״ֲחׅ׷ 

32. وصؿؑأزך箟꧊ LTLVTUPNJ[BUJPOZBNM apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: hatena-intern-2020 resources: -

    namespace.yaml - account - blog - renderer-go - renderer-ts # ! 

33. وصؿؑأزך箟꧊ LTCMPHLVTUPNJ[BUJPOZBNM apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization # (snip) configMapGenerator: -

    name: blog-app-env-vars literals: - MODE=development - DATABASE_DSN=root@(blog-db:3306)/intern_2020_blog?time_zone=UTC&parseTime=true&loc=UTC - ACCOUNT_ADDR=account:50051 - RENDERER_ADDR=renderer-ts:50051 # ! - name: blog-test-env-vars # (snip) ˖ CMPH؟٦ؽأך鎸岀㢌䳔؟٦ؽأפךぢֹ⯓׾SFOEFSFSHPַ׵SFOEFSFSUT ח㢌ִ׷ 

34. 1PEָ姻䌢ח饯⹛׃זְ㜥さ ˖ kubectl get pods
    ׾㹋遤׃גぐ1PEָ姻׃ֻ饯⹛׃גְ׷ ַוֲַ然钠ׅ׷ ˖ kubectl describe pod

    renderer-ts
    ד鑫稢䞔㜠׾然钠 ˖ ז׈姻䌢ח饯⹛׃זְַ⾱㔓׾䱱׹ֲ 

35. ⾱㔓 ˖ SFOEFSFSUTך1PEך朐䡾ָ
    OOMKilled
    ד䓼ⵖ穄✪ׁ׸גְ׷ ˖ SFOEFSFSHPד鏣㹀׃גְ׷ًٌٔךⵖꣲכSFOEFSFSUTדכ駈׶זַ׏׋׋׭ծ1PE 饯⹛儗חًٌٔ♶駈ד䓼ⵖ穄✪ׁ׸גְ׋ ˖ k8s/renderer-ts/app.yaml
    ׾箟꧊׃ծ$16ًٌٔⵖꣲ׾㢌刿ׅ׷ resources: requests:

    cpu: 100m memory: 20Mi limits: cpu: 200m memory: 40Mi 

36. 㹋ꥷחSFOEFSFSUTָ⹛ֻֿה׾然钠ׅ׷ ˖ kubectl get pods
    ״׶ׅץגך1PEָ姻䌢ח饯⹛׃גְ׷ֿ ה׾然钠 ˖ http:!"localhost:8080/
    ״׶؟؎ٝ،حف׾遤ְծ鎸✲׾ ⡲䧭׃
    renderer-ts
    ؟٦ؽأָ⹛ֻֿה׾然钠 

37. 痥♲鿇 -FUT
    USZ
    ؔ٦زأ؛٦ٕ׾ 鏣㹀׃״ֲ 

38. CMPH؟٦ؽأ׾ؔ٦زأ؛٦ׇׁٕ׷ ˖ 㣐ꆀחװ׏גֻ׷ؙٔؒأزח㼎׃גٖأهٝأך䘔瘶儗꟦ך ל׵אָֹזְ״ֲחׅ׷ ˖ ⵖ秈 ˖ SFTPVSDFTMJNJUTכ㢌刿׃זְֿה ˖ 剑ⴱח鏣㹀ׅ׷1PEךٖفٔؕ侧כךתתחׅ׷ֿה

    ˖ ،فٔ؛٦ءّٝך鏣㹀כ㢌刿׃זְֿה 

39. BC
    "QBDIF
    #FODI
    ח״׷頾蚚ذأز % kubectl exec deploy/blog-test !" ab -n

    1000 -c 10 http:!#blog:8080/ ˖ -n
    鷏⥋ׅ׷ؙٔؒأزך侧 ˖ -c
    ず儗חؙٔؒأزׅ׷侧 ˖ CMPH؟٦ؽأךذأز㹋遤欽ך؝ٝذشַ׵BC׾㹋遤דֹ׷״ ֲח׃ג֮׷ 

40. ⿫罋
    ؔ٦زأ؛٦ٕך鏣㹀׾׃גְגְזְ1PEךٖفٔؕ侧ָך朐䡾 % ab -n 1000 -c 10 http:!"localhost:8080/ (snip) Server

    Software: Server Hostname: localhost Server Port: 8080 Document Path: / Document Length: 831 bytes Concurrency Level: 10 Time taken for tests: 97.873 seconds Complete requests: 1000 Failed requests: 42 (Connect: 0, Receive: 0, Length: 42, Exceptions: 0) Total transferred: 1099784 bytes HTML transferred: 796098 bytes Requests per second: 10.22 [#/sec] (mean) Time per request: 978.730 [ms] (mean) Time per request: 97.873 [ms] (mean, across all concurrent requests) Transfer rate: 10.97 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 0 0.1 0 1 Processing: 1 975 605.9 897 3696 Waiting: 0 910 579.2 798 3696 Total: 1 975 605.9 898 3696 Percentage of the requests served within a certain time (ms) 50% 898 66% 1099 75% 1299 80% 1399 90% 1798 95% 2098 98% 2498 99% 2798 100% 3696 (longest request) ˖ 頾蚚ذأزחַַ׏׋儗꟦כ T ˖ ؙٔؒأز֮׋׶ך䎂㖱儗꟦כ NT 

41. )PSJ[POUBM
    1PE
    "VUPTDBMFS
    )1" ˖ $16⢪欽桦ח״׏ג1PEך侧׾㟓幾ׇׁג宏䎂חؔ٦زأ؛٦ ٕׅ׷➬穈׫ ˖ ؔ٦زأ؛٦ٕך꟦ꥫכرؿٕؓزדכ猱׀הזךד岣䠐ׅ ׷ ˖ ⡦䏝ַBC؝وٝس׾㹋遤ׅ׷䗳銲ָ֮׷ַ׮׃׸זְ

    

42. ؔ٦زأ؛٦ٕך鏣㹀 % kubectl autoscale deployment blog !"cpu-percent=50 !"min=1 !"max=10 ˖

    !"cpu-percent
    湡垥הז׷1PEⰋ⡤ך䎂㖱$16⢪欽桦 ˖ !"min
    ؔ٦زأ؛٦ٕׅ׷ꥷך1PE侧ך♴ꣲ ˖ !"max
    ؔ٦زأ؛٦ٕׅ׷ꥷך1PE侧ך♳ꣲ 

43. 然钠ׅ׷ֿה ˖ BCך穠卓ַ׵⡦ָ׻ַ׷ַ ˖ ؙٔؒأز֮׋׶ך䎂㖱儗꟦כ ˖ ,VCFSOFUFT
    %BTICPBSEַ׵ⴓַ׷ֿהכ ˖ CMPH
    1PE
    כְֻאתד㟓ִ׋ַ ˖

    kubectl get hpa blog
    דؔ٦زأ؛٦ٕך朐䡾׾然钠׃״ֲ ˖ ♧㹀劍꟦،ؙإأׇ׆ח佝縧׃גأ؛٦ٕتؐٝך圫㶨׮鋅ג׫׷ 

44. 晙בֽ % kubectl delete hpa blog