Implementing a Kubernetes operator in Go to build preview environments for apps/go-kubernetes-operator
Takuma Kume
June 10, 2021
fukuoka.go#17
Transcript
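fukuoka.go#17
Implementing a Kubernetes operator in Go to build preview environments for apps

GMO Pepabo, Inc., Hosting Division, SRE Team (promoting cloud-native adoption)
Takuma Kume @takumakume

Contents
• What does it mean to "build a kubernetes operator"?
• Introduction to the software implemented this time
• Development background
• Implementing the Operator in Go
• Impressions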

What does it mean to "build a kubernetes operator"?

[Diagram labels: kubectl apply, apiserver, controller manager, Control plane, Data plane, ReplicaSet, Pod, Pod]
ReplicaSet example (replicas: 2): it tries to keep the specified number of Pods. Even if one Pod is deleted, the controller detects this and the Pod is recreated.
kubernetes allows this behavior to be extended. One of the ways to extend kubernetes is an Operator.

[Diagram labels: kubectl apply, apiserver, Control plane, Data plane, Custom Controller, Custom Resource]
• Custom Resource Definition (CRD): a user-defined resource definition
• Custom Resource (CR): a resource based on the CRD's definition
• Custom Controller: controls the CR and keeps it in the defined state
Custom Resource Definition (CRD) + Custom Controller: the substance of a kubernetes operator

What was implemented this time

https://github.com/takumakume/service-expose-operator

Exposes the specified Service through an Ingress. The host name to expose is assigned automatically, in a service-discovery-like form: service name (example-svc), namespace (ns1), domain (example.com).

Custom Resource:

apiVersion: service-expose.../v1alpha1
kind: ServiceExpose
metadata:
  name: example
  namespace: ns1
spec:
  backend:
    service:
      name: example-svc
      port:
        number: 8080
  domain: example.com
  path: /
  pathType: Prefix
  tlsEnable: true
  tlsSecretName: example-tls
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt

Generated Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example
  namespace: ns1
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  rules:
  - host: example-svc.ns1.example.com
    http:
      paths:
      - backend:
          service:
            name: example-svc
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - example-svc.ns1.example.com
    secretName: example-tls
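
Development background: context

• We operate multiple web applications, and […] or more people are involved in development.
• We want to run a preview environment for each Pull Request on kubernetes.
• When a Pull Request is created, a dedicated environment starts up.
• Currently, […] staging environment is shared among the developers.
• Deployment effort
• Contention between users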

[Preview environment per Pull Request]
Using ArgoCD and GitHub Actions, preview environments are generated via GitOps, triggered by pull requests.

[Diagram labels: GitHub (app repo, system manifests repo, Pull Request, GitHub Actions, ArgoCD Config), kubernetes cluster (ArgoCD, Namespace: app-pr-XXX containing Pod, Service, Ingress); arrows labeled dispatch and commit]
1. A PR is created.
2. The ArgoCD configuration for deploying the PR branch to the kubernetes cluster is generated (with the argocd-util command).
3. ArgoCD detects the added configuration.
4. The ArgoCD configuration is deployed.
5. Deployment of the PR branch starts.
6. The preview environment for the PR branch is created.
7. external-dns sets up the A record and cert-manager sets up the TLS certificate automatically.

[Preview environment per Pull Request] app repo

The manifests for each environment are managed with kustomize:

├── main.go
└── manifests
    ├── base
    │   ├── kustomization.yaml
    │   ├── app.deployment.yaml
    │   └── app.service.yaml
    └── overlays
        ├── production
        │   ├── kustomization.yaml
        │   └── app.ingress.yaml
        └── staging
            ├── kustomization.yaml
            └── app.ingress.yaml

A Namespace (app-pr-XXX) is created for each Pull Request and a copy of the staging environment (manifests/overlays/staging) is built in it:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-pr-XXX
spec:
  destination:
    namespace: app-pr-XXX
    server: https://kubernetes.default.svc
  source:
    path: manifests/overlays/staging
    repoURL: https://github.com/takumakume/app
    targetRevision: future-branch
  syncPolicy:
    syncOptions:
    - CreateNamespace=true

Development background: technical problem

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  namespace: app
spec:
  rules:
  - host: staging-app.example.com    # here
    http:
      paths:
      - backend:
          service:
            name: app-svc
            port:
              number: 8080
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - staging-app.example.com        # here
    secretName: app-tls

• Even though the environment can be duplicated, the host name part of the Ingress cannot be changed.
• It is possible to apply the manifests while substituting values with kustomize's JSON Patch feature, the yq command and so on, but management becomes cumbersome. (Already experienced.)
• Rewriting the manifests just before applying them dilutes the benefits of GitOps.
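
Development background: implementation approach

• GitOps must be possible
• It must be declarative
• What should be done about the host name used to access the preview environment?
• kubernetes Service Discovery
• SERVICE_NAME.NAMESPACE.svc.cluster.local
• Wouldn't it be convenient if the same could be achieved with Ingress?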

(Shown again) ServiceExpose Custom Resource and the Ingress generated from it

• spec.backend.service (name: example-svc, port number: 8080): the Service to expose
• host: example-svc.ns1.example.com: a service-discovery-like host name is assigned automatically (service name example-svc, namespace ns1, domain example.com)
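
[Diagram labels: GitHub (app repo, system manifests repo, Pull Request, GitHub Actions, ArgoCD Config), kubernetes cluster (ArgoCD, Namespace: app-pr-XXX containing Pod, Service, ServiceExpose, Ingress app.app-pr-XXX.example.com); arrows labeled dispatch and commit]
1. A PR is created.
2. The ArgoCD configuration for deploying the PR branch to the kubernetes cluster is generated (with the argocd-util command).
3. ArgoCD detects the added configuration.
4. The ArgoCD configuration is deployed.
5. Deployment of the PR branch starts.
6. The preview environment for the PR branch is created.
7. external-dns sets up the A record and cert-manager sets up the TLS certificate automatically.

By deploying only the ServiceExpose, the Ingress is generated automatically.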

Implementing the Operator in Go

• Means of implementation
• https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
• Operator Framework
• CNCF Incubating Project
• For implementations in Go, it uses kubebuilder internally

Operator Framework

• Operator SDK
• Hides the details so that you can concentrate on your logic even without deep knowledge of the kubernetes API
• Code generator
• Testing
• Packaging
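
Operator Framework

• What was done for the implementation
• The official Operator Framework documentation is thorough, so it is the basic reference: https://sdk.operatorframework.io/docs/building-operators/golang/
• Occasionally something is not covered there, so it is supplemented with the official kubebuilder documentation: https://book.kubebuilder.io/
• Putting the best practices into practice: https://sdk.operatorframework.io/docs/best-practices/best-practices/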
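
Implementing the Operator in Go

• Implementing the Reconciler Loop is the main work
• Example: if you define "run […] Pods", the system converges to that state
• Observe (get the state) → Diff (detect the difference) → Action (correct the difference)

• The Reconciler Loop of service-expose-operator
• Observe: what is the Spec of the Ingress that should be generated?
• Diff: what is the difference between the Ingress that should be generated and the current Ingress?
• Action: run Create/Update/Delete on the Ingress to close the difference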
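
Implementing the Operator in Go

• Testing

Reconciler Loop:
1. Get the ServiceExpose state.
2. Does the Ingress exist? N: create the Ingress. Y: go to 3.
3. Does the Ingress need an update? Y: update the Ingress. N: nothing to do.

• As shown above, state transitions occur in the Operator.
• We want to test that the Reconciler Loop is idempotent in every pattern.

• The Operator SDK provides an environment for running behavior tests using the following tools:
• envtest: a controller-runtime package that provides a kubernetes control plane for testing
• ginkgo: a BDD test framework for Golang
• gomega: a matcher library for Golang, used together with ginkgo

• For example, you can write a test that, after a ServiceExpose Custom Resource is deployed, waits for its Status to transition to Ready and checks that the Ingress has been generated.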
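
The Observe/Diff/Action decision of the service-expose-operator Reconciler Loop, as an added example that is not the operator's own code. The types ServiceExpose and Ingress and the functions desiredIngress and reconcile are hypothetical simplifications, an in-memory Ingress stands in for the Kubernetes API, and the sample values are constructed; it covers create, update and no-op, and leaves deletion out.

```go
package main

import "fmt"

// Simplified stand-ins for the ServiceExpose spec and the Ingress fields shown
// on the slides; illustrative types, not the operator's own API types.
type ServiceExpose struct {
	Namespace, ServiceName, Domain, Path, TLSSecretName string
	Port                                                int
	TLSEnable                                           bool
}

type Ingress struct {
	Host, ServiceName, Path, TLSSecretName string
	Port                                   int
}

// desiredIngress answers "what Ingress should exist?". The host follows the
// <service>.<namespace>.<domain> pattern from the slides.
func desiredIngress(se ServiceExpose) Ingress {
	ing := Ingress{
		Host:        fmt.Sprintf("%s.%s.%s", se.ServiceName, se.Namespace, se.Domain),
		ServiceName: se.ServiceName, Path: se.Path, Port: se.Port,
	}
	if se.TLSEnable {
		ing.TLSSecretName = se.TLSSecretName
	}
	return ing
}

// reconcile compares the current Ingress (nil = absent) with the desired one
// and returns the resulting Ingress plus the action taken.
func reconcile(current *Ingress, se ServiceExpose) (*Ingress, string) {
	want := desiredIngress(se)
	switch {
	case current == nil:
		return &want, "create"
	case *current != want: // drift or a changed ServiceExpose
		return &want, "update"
	}
	return current, "none"
}

func main() {
	se := ServiceExpose{Namespace: "app-pr-123", ServiceName: "app", Domain: "example.com", Path: "/", Port: 8080} // constructed sample
	ing, first := reconcile(nil, se)
	_, second := reconcile(ing, se) // same input again: must be a no-op
	fmt.Println(first, ing.Host, second) // create app.app-pr-123.example.com none
}
```

Because reconcile is a pure function of the current and desired state, running it twice with unchanged input is a no-op, which is the idempotency property the slides say the tests should establish.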
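
Impressions

• We were able to carve out the part that GitOps could not cover and solve it with the Operator approach.
• We also considered implementing the whole generation of the preview environment as an Operator, but decided it was better to keep the software simple.
• We used the Operator SDK to implement the Operator in Go, and it was convenient because we could concentrate on the logic.
• In Go, table-driven tests are the usual choice, but BDD was also convenient for testing state transitions.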