Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-ku...
Search
Takuma Kume
June 10, 2021
Technology
250
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-kubernetes-operator
fukuoka.go#17
Takuma Kume
June 10, 2021
More Decks by Takuma Kume
See All by Takuma Kume
SRE/インフラエンジニアの市場価値とキャリアパス/Market value and career path for SRE-infrastructure engineers
takumakume
2
1.5k
【新卒研修】共通言語としてのSRE/SRE as a common language
takumakume
0
290
DDoSとの終わりなき戦い2025/endless_battle_with_ddos_attack_2025
takumakume
3
190
事業部CTOの現在地(パネルディスカッション)/Current-location-of-Division-CTO
takumakume
0
230
ロリポップ! for Gamersを支えるインフラ/lolipop for gamers infrastructure
takumakume
0
1.7k
ロリポップ! for Gamersの立ち上げ/lolipop for gamers launch
takumakume
0
3k
ホモグラフドメインを検出してみた/detect homograph domain
takumakume
0
810
ソフトウェアの継続的アップデートをコンテナ化によって加速させる/Accelerate continuous software updates with containerization
takumakume
0
5.7k
KubernetesにおけるSBOMを利用した脆弱性管理/Vulnerability_Management_with_SBOM_in_Kubernetes
takumakume
2
3.2k
Other Decks in Technology
See All in Technology
依頼文化をやめる日 EM視点で語るPlatform EngineeringとInclusive SRE / Discussing Platform Engineering and Inclusive SRE from an EM's Perspective
shin1988
4
5.4k
インフラと開発の垣根を超えていき!〜元AWSインフラエンジニアがAWS開発で奮闘している話〜
hatahata021
2
180
タスクの複雑さでモデルを選ぶ ── Thompson Samplingで動かす“トークン/コスト最適化
satohy0323
0
370
シンガポールで登壇してきます
yama3133
0
120
実装だけじゃない! CCA-F取得エンジニアが教えるClaude Code開発プロセス活用術
diggymo
2
700
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
110k
SRE本の知られざる名シーン / The Hidden Gems of Google SRE Book
nari_ex
1
380
Keeping applications secure by evolving OAuth 2.0 and OpenID Connect
ahus1
PRO
1
160
Amazon EVS で VCF 9.0 / 9.1 のサポート開始まとめ
mtoyoda
0
290
AI Driven AI Governance
pict3
0
380
LLM/Agent評価:トップ営業の発言を「正解」にする 〜暗黙的正解による評価を営業資産に変える〜
takkuhiro
1
220
SRE Next 2026 何でも屋からの脱却
bto
0
690
Featured
See All Featured
Discover your Explorer Soul
emna__ayadi
2
1.2k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
220
Accessibility Awareness
sabderemane
1
150
Side Projects
sachag
455
43k
New Earth Scene 8
popppiees
3
2.4k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
helenjbeal
1
230
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Darren the Foodie - Storyboard
khoart
PRO
3
3.4k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.6k
Navigating Weather and Climate Data
rabernat
0
320
So, you think you're a good person
axbom
PRO
2
2.1k
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
220
Transcript
GVLVPLBHP (PͰLVCFSOFUFTPQFSBUPSΛ࣮ͯ͠ ΞϓϦͷϓϨϏϡʔڥΛ࡞Δ
(.0ϖύϘגࣜձࣾ ϗεςΟϯάࣄۀ෦ 43&νʔϜ ΫϥυωΠςΟϒԽͷਪਐ ٱถഅ!UBLVNBLVNF
࣍ wlLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ wࠓճ࣮ͨ͠ιϑτΣΞͷհ w։ൃܦҢ w(PʹΑΔ0QFSBUPS࣮ wॴײ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ apiserver kubectl apply Control plane Data plane controller manager
ReplicaSet Pod Pod ࢦఆ͞ΕͨPodͷΛ อͱ͏ͱ͢Δ ReplicaSetͷྫ replicas:2 PodΛ1ͭআͯ͠ ίϯτϩʔϥʔ͕ݕͯ͠ ࠶࡞͞ΕΔ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ apiserver kubectl apply Control plane Data plane controller manager
ReplicaSet Pod Pod ࢦఆ͞ΕͨPodͷΛ อͱ͏ͱ͢Δ ReplicaSetͷྫ replicas:2 PodΛ1ͭআͯ͠ ίϯτϩʔϥʔ͕ݕͯ͠ ࠶࡞͞ΕΔ kubernetes ͜ͷಈ͖Λ֦ுͰ͖Δ kubernetesΛ֦ு͢Δख๏ͷͻͱͭʹOperator͕͋Δ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ apiserver kubectl apply Control plane Data plane Custom Controller
Custom Resource Custom Resource Definition (CRD) + ಠࣗͷϦιʔεఆٛ CRDͷఆٛʹج͍ͮͨ Ϧιʔε CRΛίϯτϩʔϧͯ͠ ఆٛ͞Εͨঢ়ଶʹอͭ kubernetes operator ͷ࣮ମ
ࠓճ࣮ͨ͠ͷ
apiVersion: service-expose.../v1alpha1 kind: ServiceExpose metadata: name: example namespace: ns1 spec:
backend: service: name: example-svc port: number: 8080 domain: example.com path: / pathType: Prefix tlsEnable: true tlsSecretName: example-tls annotations: cert-manager.io/cluster-issuer: letsencrypt apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example namespace: ns1 annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: example-svc.ns1.example.com http: paths: - backend: service: name: example-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - example-svc.ns1.example.com secretName: example-tls backend: service: name: example-svc port: number: 8080 example-svc ns1 example.com example-svc ns1 example.com example-svc ns1 example.com ࢦఆͨ͠ServiceΛ IngressͰެ։͢Δ ެ։͢Δϗετ໊ͱͯ͠ αʔϏεσΟεΧόϦతʹ ࣗಈͰ༩͢Δ IUUQTHJUIVCDPNUBLVNBLVNFTFSWJDFFYQPTFPQFSBUPS αʔϏε໊ namespace υϝΠϯ Custom Resource
։ൃܦҢ
։ൃܦҢ w 8FCΞϓϦέʔγϣϯΛෳӡ༻͍ͯͯ͠ɺ։ൃؔऀ໊Ҏ্͍ Δ w 1VMM3FRVFTUຖͷϓϨϏϡʔڥΛLVCFSOFUFT্Ͱ࣮ߦ͍ͨ͠ w 1VMM3FRVFTU͕࡞͞ΕͨΒɺઐ༻ͷڥ্ཱ͕͕ͪΔ w ݱࡏͭͷTUBHJOHڥΛ։ൃऀͰڞ༗͍ͯ͠Δ
w σϓϩΠͷखؒ w ར༻ऀͷڝ߹ എܠ
kubernetes cluster app repo system manifests repo Pull Request Github
Actions ArgoCD Config ArgoCD Github Actions ArgoCD Config Pod Ingress Namespace: app-pr-XXX 1.PRͷ࡞ 2.PRͷϒϥϯνΛ kubernetesΫϥελʹ σϓϩΠ͢ΔͨΊͷ ArgoCDͷઃఆΛੜ commit Service 3.ArgoCDͷ ઃఆՃΛݕ 4.ArgoCDͷઃఆΛ σϓϩΠ 5.PRͷϒϥϯνͷ σϓϩΠΛ։࢝ dispatch argocd-util ίϚϯυͰੜ ʲ1VMM3FRVFTUຖͷϓϨϏϡʔڥʳ ArgoCDGithub ActionsΛ׆༻ͯ͠Pull ReqτϦΨʔͰGitOpsͰϓϨϏϡʔڥΛੜ͍ͯ͠Δ 6.PRͷϒϥϯνͷ ϓϨϏϡʔڥ͕࡞ΒΕΔ 7. external-dnsͰAϨίʔυ, cert-managerͰTLSূ໌ॻΛ ࣗಈઃఆ
!"" main.go #"" manifests !"" base $ !"" kustomization.yaml $
!"" app.deployment.yaml $ #"" app.service.yaml #"" overlays !"" production $ !"" kustomization.yaml $ #"" app.ingress.yaml #"" staging !"" kustomization.yaml #"" app.ingress.yaml apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: app-pr-XXX spec: destination: namespace: app-pr-XXX server: https://kubernetes.default.svc source: path: manifests/overlays/staging repoURL: https://github.com/takumakume/app targetRevision: future-branch syncPolicy: syncOptions: - CreateNamespace=true ֤ڥͷmanifestsΛkustomizeͰཧ͍ͯ͠Δ #"" staging !"" kustomization.yaml #"" app.ingress.yaml Pull RequestຖʹNamespaceΛͬͯ stagingڥͷෳΛ࡞͍ͬͯΔ app-pr-XXX ʲ1VMM3FRVFTUຖͷϓϨϏϡʔڥʳ app repo
։ൃܦҢ ٕज़త՝ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: app-ingress
namespace: app spec: rules: - host: staging-app.example.com http: paths: - backend: service: name: app-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - staging-app.example.com secretName: app-tls staging-app.example.com staging-app.example.com w ڥͷෳ࡞Εͯɺ*OHSFTTͷϗετ ໊෦Λม͑Δ͜ͱ͕Ͱ͖ͳ͍ɻ w LVTUPNJ[Fͷ+40/1BUDIػೳɺZRίϚ ϯυͳͲͰஔͭͭ͠ద༻͢Δ͜ͱͰ ͖Δ͕ཧ͕ࡶʹͳΔɻʢܦݧࡁʣ w ద༻લͰNBOJGFTUTΛॻ͖࣮͑ͭͭ ߦ͢Δͱ(JU0QTʹΑΔԸܙ͕ബΕΔɻ ίί ίί
։ൃܦҢ ࣮ํ w (JU0QT͕Ͱ͖Δ͜ͱ w એݴతͰ͋Δ͜ͱ w ϓϨϏϡʔڥʹΞΫηε͢ΔͨΊͷϗετ໊ΛͲ͏͢Δ͔ʁ w
LVCFSOFUFTͷ4FSWJDF%JTDPWFSZ w 4&37*$&@/".&/".&"1"$&TWDDMVTUFSMPDBM w *OHSFTTͰ࣮ݱͰ͖ΔͱศརͰͳ͍͔
apiVersion: service-expose.../v1alpha1 kind: ServiceExpose metadata: name: example namespace: ns1 spec:
backend: service: name: example-svc port: number: 8080 domain: example.com path: / pathType: Prefix tlsEnable: true tlsSecretName: example-tls annotations: cert-manager.io/cluster-issuer: letsencrypt apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example namespace: ns1 annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: example-svc.ns1.example.com http: paths: - backend: service: name: example-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - example-svc.ns1.example.com secretName: example-tls backend: service: name: example-svc port: number: 8080 example-svc ns1 example.com example-svc ns1 example.com example-svc ns1 example.com ެ։͢Δ Service αʔϏεσΟεΧόϦతͳ ϗετ໊ΛࣗಈͰ༩ αʔϏε໊ namespace υϝΠϯ ࠶ܝ
kubernetes cluster app repo system manifests repo Pull Request Github
Actions ArgoCD Config ArgoCD Github Actions ArgoCD Config Pod Namespace: app-pr-XXX 1.PRͷ࡞ 2.PRͷϒϥϯνΛ kubernetesΫϥελʹ σϓϩΠ͢ΔͨΊͷ ArgoCDͷઃఆΛੜ commit Service 3.ArgoCDͷ ઃఆՃΛݕ 4.ArgoCDͷઃఆΛ σϓϩΠ 5.PRͷϒϥϯνͷ σϓϩΠΛ։࢝ 6.PRͷϒϥϯνͷ ϓϨϏϡʔڥ͕࡞ΒΕΔ dispatch argocd-util ίϚϯυͰੜ Service Expose ੜ app.app-pr-XXX.example.com Ingress 7. external-dnsͰAϨίʔυ, cert-managerͰTLSূ໌ॻΛ ࣗಈઃఆ ServiceExposeͷΈσϓϩΠ͢Δ͜ͱͰIngressࣗಈੜ͞ΕΔ
(PʹΑΔ0QFSBUPSͷ࣮
(PʹΑΔ0QFSBUPS࣮ w ࣮खஈ w IUUQTLVCFSOFUFTJPEPDTDPODFQUTFYUFOELVCFSOFUFTPQFSBUPS w 0QFSBUPS'SBNFXPSL w $/$'*ODVCBUJOH1SPKFDU
w (PΛ༻͍࣮ͨʹ͓͍ͯ෦ͰLVCFCVJMEFSΛར༻͍ͯ͠Δ
0QFSBUPS'SBNFXPSL w 0QFSBUPS4%, w LVCFSOFUFT"1*ʹਂ͍͕ࣝͳͯ͘ɺϩδοΫʹूதͰ͖ΔΑ͏ ʹӅณͯ͘͠Ε͍ͯΔ w ίʔυδΣωϨʔλʔ w
ςετ w ύοέʔδϯά
0QFSBUPS'SBNFXPSL w ࣮ʹ͋ͨͬͯͬͨ͜ͱ w 0QFSBUPS'SBNFXPSLͷެࣜυΩϡϝϯτ͕ॆ࣮͍ͯ͠ΔͷͰɺج ຊతʹͦ͜Λࢀর͢Δ IUUQTTELPQFSBUPSGSBNFXPSLJPEPDTCVJMEJOHPQFSBUPSTHPMBOH w
ͨ·ʹࡌ͍ͬͯͳ͍߹͕͋ΔͷͰɺLVCFCVJMEFSͷެࣜυΩϡϝ ϯτͰิ͢Δ IUUQTCPPLLVCFCVJMEFSJP w ϕετϓϥΫςΟεͷ࣮ફ IUUQTTELPQFSBUPSGSBNFXPSLJPEPDTCFTUQSBDUJDFTCFTUQSBDUJDFT
w 3FDPODJMFS-PPQͷ࣮͕ϝΠϯ w ྫɿʮ1PEΛݸ࣮ߦ͢Δʯͱఆٛ͢Εͦͷঢ়ଶʹऩଋ͢Δಈ͖ (PʹΑΔ0QFSBUPS࣮ Observe Diff Action ঢ়ଶΛऔಘ
ࠩΛݕग़ ࠩͷमਖ਼
w TFSWJDFFYQPTFPQFSBUPSͷ3FDPODJMFS-PPQ (PʹΑΔ0QFSBUPS࣮ Observe Diff Action - ੜ͖͢IngressͷSpecʁ -
ੜ͖͢Ingressͱݱࡏͷ Ingressͷࠩͳʹ͔ʁ - ࠩΛຒΊΔͨΊʹIngressͷ Create/Update/DeleteΛ࣮ߦ
w ςετ (PʹΑΔ0QFSBUPS࣮ ServiceExpose ঢ়ଶऔಘ Ingress ଘࡏ͢Δ͔ʁ Ingressͷ Ξοϓσʔτ
ඞཁ͔ʁ Ingress ੜ Ingress Ξοϓσʔτ Y Y N N Reconciler Loop w ্هͷΑ͏ʹ0QFSBUPSঢ়ଶભҠ͕ൃੜ͢Δɻ w ͋ΒΏΔύλʔϯͰ3FDPODJMFS-PPQ͕ႈʹͳΔΑ͏ʹςετ͠ ͍ͨɻ
w 0QFSBUPS4%,͕ҎԼͷπʔϧΛ༻͍ͯৼΔ͍ςετͷ࣮ߦڥΛ ఏڙ͍ͯ͠Δ w FOWUFTUDPOUSPMMFSSVOUJNFͷύοέʔδͰɺςετ༻ͷ LVCFSOFUFTDPOUSPMQMBOFΛఏڙ͢Δ w HJOLHP(PMBOHͷ#%%ςετϑϨʔϜϫʔΫ w
HPNFHB(PMBOHͷ.BUDIFS-JCSBSZ HJOLHPͱηοτͰ͏ (PʹΑΔ0QFSBUPS࣮
w ྫ͑ɺ4FSWJDF&YQPTF$VTUPN3FTPVSDF͕σϓϩΠ͞Εͨ͋ͱʹɺ 4UBUVT͕3FBEZʹભҠ͢ΔͷΛͪɺ*OHSFTT͕ੜͰ͖͍ͯΔ͔ͱ͍ ͏ςετ͕ॻ͚Δɻ (PʹΑΔ0QFSBUPS࣮
ॴײ
w (JU0QTͰΧόʔͰ͖ͳ͔ͬͨҰ෦ͷΛΓग़ͯ͠0QFSBUPSͱ͍ ͏ख๏ͰղܾͰ͖ͨɻ w ϓϨϏϡʔڥͷੜશମΛ0QFSBUPSͱ࣮ͯ͢͠Δ͜ͱߟ͑ ͕ͨɺιϑτΣΞΛγϯϓϧʹอͭ΄͏͕ྑ͍ͱߟ͑ͨɻ w (PͰ0QFSBUPSΛ࣮͢Δ্Ͱ0QFSBUPS4%,Λ͕ͬͨɺϩδοΫ ʹूதͰ͖ͯศརͩͬͨɻ
w (Pͱ͍͑ςʔϒϧۦಈςετΛΑ͘͏͕ɺঢ়ଶભҠΛςετ͢ Δ্Ͱ#%%ศརͩͬͨɻ ॴײ