Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-kubernetes-operator

22522e2bc35255ab75308c399ff782f6?s=47 Takuma Kume
June 10, 2021
Technology
0
110

Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-kubernetes-operator

fukuoka.go#17

22522e2bc35255ab75308c399ff782f6?s=128

Takuma Kume

June 10, 2021
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
GitOpsで実現するPull Request毎のプレビュー環境/Preview environment for each Pull Request by GitOps
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
120
クラウドネイティブな開発環境への移行/Move to the cloud native development environment
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
1
320
200万ドメインを超えるレンタルサーバのコンテンツキャッシュ機能の裏側/2_million_more_than_the_domain_the_back_of_the_rental_server_content_cache
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
10
2.3k
DDoS攻撃との終わりなき戦い/endless_battle_with_ddos_attack
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
5
9.6k
toward_systematization_of_linux_trace_tool
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
110
eBPF入門 /eBPF-getting-started
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
6
6k
Webサーバ拡張における排他制御のパフォーマンスチューニング /performance_tuning_of_exclusive_control in_web_server extension
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
7
1.8k
ホスティングにおける安定運用のためのアクセスコントロール手法
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
3
1.9k
MHAでデータベースの運用を楽にしよう!
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
780

Other Decks in Technology

See All in Technology
#awsbasics [LT] サーバレスECにおける Step Functions の使い方
74cec195bfb6cb5165256d88cb7fcf0f?s=48 miu_crescent
0
860
Life Hacker with LINE Bot and GitHub API
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
PRO
0
5.2k
Power BI のうらがわ
0cc2ebc5781bcb2cae5f9ab7efa40ff2?s=48 hanaseleb
1
160
テクニカルライティングの検定を受けてみた話 / "My Story About Taking the Technical Writing Exam
A3966f193f4bef226a0d3e3c1f728d7f?s=48 line_developers
PRO
1
220
やってみたLT会 Fleet Managerのススメ
3282faa17a370dd254382f4bf2c7ba3a?s=48 yukiiiiikuma
PRO
0
410
20220731 如何跟隨開源技術保持你的職涯發展
D907136acebc72f1df878541b26f271a?s=48 pichuang
0
120
Red Hat Enterprise Linux 9のリリースノートを読む前に知りたい最近のキーワードをまとめて復習
79c2f7db29ee6df3e1ceb85c6a0126d3?s=48 moriwaka
0
370
増田亨さんによる 「設計の考え方とやり方」勉強会オープニング
8ccb6288c8b9f34d6917a14d42e66cbe?s=48 tsuyok
0
220
開発環境のセキュリティおよびCI/CDパイプラインのセキュア化
Dc03bf56cb3157b6036f9818593d7e40?s=48 rung
PRO
12
5.1k
2022 COSCUP - GKE Backend Cluster 除雷分享
89f41026db2c96853402524fca4a2ff8?s=48 brentchang
0
120
データをコネコネ!メール配信用データ生成の仕組み
Cdb7fe48c050935995f8a6a58a5ceba9?s=48 kappezoro
0
120
VS Code Meetup #21 - もう一度知りたい基礎編 - ファイル操作、コーディングの基本編
Fc815be82d09a2e922d4000b65b9f83b?s=48 74th
0
200

Featured

See All Featured
A designer walks into a library…
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
196
16k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
12
940
Mobile First: as difficult as doing things right
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
213
7.6k
A better future with KSS
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
226
16k
The Cult of Friendly URLs
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
68
4.8k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
100
6k
Making Projects Easy
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
98
4.4k
Learning to Love Humans: Emotional Interface Design
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
37k
Imperfection Machines: The Place of Print at Facebook
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
253
12k
GraphQLの誤解/rethinking-graphql
3cb4e761dbdb7aebd1ffd85f752e1e3e?s=48 sonatard
31
6.8k
GitHub's CSS Performance
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1020
420k
Gamification - CAS2011
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.9k

Transcript

  1. GVLVPLBHP (PͰLVCFSOFUFTPQFSBUPSΛ࣮૷ͯ͠ ΞϓϦͷϓϨϏϡʔ؀ڥΛ࡞Δ

  2. (.0ϖύϘגࣜձࣾ ϗεςΟϯάࣄۀ෦ 43&νʔϜ Ϋϥ΢υωΠςΟϒԽͷਪਐ ٱถ୓അ!UBLVNBLVNF

  3. ໨࣍ wlLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ͸ wࠓճ࣮૷ͨ͠ιϑτ΢ΣΞͷ঺հ w։ൃܦҢ w(PʹΑΔ0QFSBUPS࣮૷ wॴײ

  4. zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ͸

  5. zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ͸ apiserver kubectl apply Control plane Data plane controller manager

    ReplicaSet Pod Pod ࢦఆ͞ΕͨPodͷ਺Λ อͱ͏ͱ͢Δ ReplicaSetͷྫ replicas:2 PodΛ1ͭ࡟আͯ͠΋ ίϯτϩʔϥʔ͕ݕ஌ͯ͠ ࠶࡞੒͞ΕΔ

  6. zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ͸ apiserver kubectl apply Control plane Data plane controller manager

    ReplicaSet Pod Pod ࢦఆ͞ΕͨPodͷ਺Λ อͱ͏ͱ͢Δ ReplicaSetͷྫ replicas:2 PodΛ1ͭ࡟আͯ͠΋ ίϯτϩʔϥʔ͕ݕ஌ͯ͠ ࠶࡞੒͞ΕΔ kubernetes͸ ͜ͷಈ͖Λ֦ுͰ͖Δ kubernetesΛ֦ு͢Δख๏ͷͻͱͭʹOperator͕͋Δ

  7. zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ͸ apiserver kubectl apply Control plane Data plane Custom Controller

    Custom Resource Custom Resource Definition (CRD) + ಠࣗͷϦιʔεఆٛ CRDͷఆٛʹج͍ͮͨ Ϧιʔε CRΛίϯτϩʔϧͯ͠ ఆٛ͞Εͨঢ়ଶʹอͭ kubernetes operator ͷ࣮ମ

  8. ࠓճ࣮૷ͨ͠΋ͷ

  9. apiVersion: service-expose.../v1alpha1 kind: ServiceExpose metadata: name: example namespace: ns1 spec:

    backend: service: name: example-svc port: number: 8080 domain: example.com path: / pathType: Prefix tlsEnable: true tlsSecretName: example-tls annotations: cert-manager.io/cluster-issuer: letsencrypt apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example namespace: ns1 annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: example-svc.ns1.example.com http: paths: - backend: service: name: example-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - example-svc.ns1.example.com secretName: example-tls backend: service: name: example-svc port: number: 8080 example-svc ns1 example.com example-svc ns1 example.com example-svc ns1 example.com ࢦఆͨ͠ServiceΛ IngressͰެ։͢Δ ެ։͢Δϗετ໊ͱͯ͠ αʔϏεσΟεΧόϦతʹ ࣗಈͰ෇༩͢Δ IUUQTHJUIVCDPNUBLVNBLVNFTFSWJDFFYQPTFPQFSBUPS αʔϏε໊ namespace υϝΠϯ Custom Resource

  10. ։ൃܦҢ

  11. ։ൃܦҢ w 8FCΞϓϦέʔγϣϯΛෳ਺ӡ༻͍ͯͯ͠ɺ։ൃؔ܎ऀ͸໊Ҏ্͍ Δ w 1VMM3FRVFTUຖͷϓϨϏϡʔ؀ڥΛLVCFSOFUFT্Ͱ࣮ߦ͍ͨ͠ w 1VMM3FRVFTU͕࡞੒͞ΕͨΒɺઐ༻ͷ؀ڥ্ཱ͕͕ͪΔ w ݱࡏ͸ͭͷTUBHJOH؀ڥΛ։ൃऀͰڞ༗͍ͯ͠Δ

    w σϓϩΠͷखؒ w ར༻ऀͷڝ߹  എܠ

  12. kubernetes cluster app repo system manifests repo Pull Request Github

    Actions ArgoCD Config ArgoCD Github Actions ArgoCD Config Pod Ingress Namespace: app-pr-XXX 1.PRͷ࡞੒ 2.PRͷϒϥϯνΛ kubernetesΫϥελʹ σϓϩΠ͢ΔͨΊͷ ArgoCDͷઃఆΛੜ੒ commit Service 3.ArgoCDͷ ઃఆ௥ՃΛݕ஌ 4.ArgoCDͷઃఆΛ σϓϩΠ 5.PRͷϒϥϯνͷ σϓϩΠΛ։࢝ dispatch argocd-util ίϚϯυͰੜ੒ ʲ1VMM3FRVFTUຖͷϓϨϏϡʔ؀ڥʳ ArgoCD΍Github ActionsΛ׆༻ͯ͠Pull ReqτϦΨʔͰGitOpsͰϓϨϏϡʔ؀ڥΛੜ੒͍ͯ͠Δ 6.PRͷϒϥϯνͷ ϓϨϏϡʔ؀ڥ͕࡞ΒΕΔ 7. external-dnsͰAϨίʔυ, cert-managerͰTLSূ໌ॻΛ ࣗಈઃఆ

  13. !"" main.go #"" manifests !"" base $ !"" kustomization.yaml $

    !"" app.deployment.yaml $ #"" app.service.yaml #"" overlays !"" production $ !"" kustomization.yaml $ #"" app.ingress.yaml #"" staging !"" kustomization.yaml #"" app.ingress.yaml apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: app-pr-XXX spec: destination: namespace: app-pr-XXX server: https://kubernetes.default.svc source: path: manifests/overlays/staging repoURL: https://github.com/takumakume/app targetRevision: future-branch syncPolicy: syncOptions: - CreateNamespace=true ֤؀ڥͷmanifestsΛkustomizeͰ؅ཧ͍ͯ͠Δ #"" staging !"" kustomization.yaml #"" app.ingress.yaml Pull RequestຖʹNamespaceΛ੾ͬͯ staging؀ڥͷෳ੡Λ࡞͍ͬͯΔ app-pr-XXX ʲ1VMM3FRVFTUຖͷϓϨϏϡʔ؀ڥʳ app repo

  14. ։ൃܦҢ  ٕज़త՝୊ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: app-ingress

    namespace: app spec: rules: - host: staging-app.example.com http: paths: - backend: service: name: app-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - staging-app.example.com secretName: app-tls staging-app.example.com staging-app.example.com w ؀ڥͷෳ੡͸࡞Εͯ΋ɺ*OHSFTTͷϗετ ໊෦෼Λม͑Δ͜ͱ͕Ͱ͖ͳ͍ɻ w LVTUPNJ[Fͷ+40/1BUDIػೳ΍ɺZRίϚ ϯυͳͲͰஔ׵ͭͭ͠ద༻͢Δ͜ͱ͸Ͱ ͖Δ͕؅ཧ͕൥ࡶʹͳΔɻʢܦݧࡁʣ  w ద༻௚લͰNBOJGFTUTΛॻ͖׵࣮͑ͭͭ ߦ͢Δͱ(JU0QTʹΑΔԸܙ͕ബΕΔɻ ίί ίί

  15. ։ൃܦҢ  ࣮૷ํ਑ w (JU0QT͕Ͱ͖Δ͜ͱ w એݴతͰ͋Δ͜ͱ w ϓϨϏϡʔ؀ڥʹΞΫηε͢ΔͨΊͷϗετ໊ΛͲ͏͢Δ͔ʁ w

    LVCFSOFUFTͷ4FSWJDF%JTDPWFSZ w 4&37*$&@/".&/".&"1"$&TWDDMVTUFSMPDBM w *OHSFTTͰ࣮ݱͰ͖ΔͱศརͰ͸ͳ͍͔

  16. apiVersion: service-expose.../v1alpha1 kind: ServiceExpose metadata: name: example namespace: ns1 spec:

    backend: service: name: example-svc port: number: 8080 domain: example.com path: / pathType: Prefix tlsEnable: true tlsSecretName: example-tls annotations: cert-manager.io/cluster-issuer: letsencrypt apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example namespace: ns1 annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: example-svc.ns1.example.com http: paths: - backend: service: name: example-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - example-svc.ns1.example.com secretName: example-tls backend: service: name: example-svc port: number: 8080 example-svc ns1 example.com example-svc ns1 example.com example-svc ns1 example.com ެ։͢Δ Service αʔϏεσΟεΧόϦతͳ ϗετ໊ΛࣗಈͰ෇༩ αʔϏε໊ namespace υϝΠϯ ࠶ܝ

  17. kubernetes cluster app repo system manifests repo Pull Request Github

    Actions ArgoCD Config ArgoCD Github Actions ArgoCD Config Pod Namespace: app-pr-XXX 1.PRͷ࡞੒ 2.PRͷϒϥϯνΛ kubernetesΫϥελʹ σϓϩΠ͢ΔͨΊͷ ArgoCDͷઃఆΛੜ੒ commit Service 3.ArgoCDͷ ઃఆ௥ՃΛݕ஌ 4.ArgoCDͷઃఆΛ σϓϩΠ 5.PRͷϒϥϯνͷ σϓϩΠΛ։࢝ 6.PRͷϒϥϯνͷ ϓϨϏϡʔ؀ڥ͕࡞ΒΕΔ dispatch argocd-util ίϚϯυͰੜ੒ Service Expose ੜ੒ app.app-pr-XXX.example.com Ingress 7. external-dnsͰAϨίʔυ, cert-managerͰTLSূ໌ॻΛ ࣗಈઃఆ ServiceExposeͷΈσϓϩΠ͢Δ͜ͱͰIngress͸ࣗಈੜ੒͞ΕΔ

  18. (PʹΑΔ0QFSBUPSͷ࣮૷

  19. (PʹΑΔ0QFSBUPS࣮૷  w ࣮૷खஈ w IUUQTLVCFSOFUFTJPEPDTDPODFQUTFYUFOELVCFSOFUFTPQFSBUPS w 0QFSBUPS'SBNFXPSL w $/$'*ODVCBUJOH1SPKFDU

    w (PΛ༻͍࣮ͨ૷ʹ͓͍ͯ͸಺෦ͰLVCFCVJMEFSΛར༻͍ͯ͠Δ

  20. 0QFSBUPS'SBNFXPSL  w 0QFSBUPS4%, w LVCFSOFUFT"1*ʹਂ͍஌͕ࣝͳͯ͘΋ɺϩδοΫʹूதͰ͖ΔΑ͏ ʹӅณͯ͘͠Ε͍ͯΔ w ίʔυδΣωϨʔλʔ w

    ςετ w ύοέʔδϯά

  21. 0QFSBUPS'SBNFXPSL  w ࣮૷ʹ͋ͨͬͯ΍ͬͨ͜ͱ w 0QFSBUPS'SBNFXPSLͷެࣜυΩϡϝϯτ͕ॆ࣮͍ͯ͠ΔͷͰɺج ຊతʹ͸ͦ͜Λࢀর͢Δ IUUQTTELPQFSBUPSGSBNFXPSLJPEPDTCVJMEJOHPQFSBUPSTHPMBOH  w

    ͨ·ʹࡌ͍ͬͯͳ͍৔߹͕͋ΔͷͰɺLVCFCVJMEFSͷެࣜυΩϡϝ ϯτͰิ׬͢Δ IUUQTCPPLLVCFCVJMEFSJP  w ϕετϓϥΫςΟεͷ࣮ફ IUUQTTELPQFSBUPSGSBNFXPSLJPEPDTCFTUQSBDUJDFTCFTUQSBDUJDFT 

  22.  w 3FDPODJMFS-PPQͷ࣮૷͕ϝΠϯ w ྫɿʮ1PEΛݸ࣮ߦ͢Δʯͱఆٛ͢Ε͹ͦͷঢ়ଶʹऩଋ͢Δಈ͖ (PʹΑΔ0QFSBUPS࣮૷ Observe Diff Action ঢ়ଶΛऔಘ

    ࠩ෼Λݕग़ ࠩ෼ͷमਖ਼

  23.  w TFSWJDFFYQPTFPQFSBUPSͷ3FDPODJMFS-PPQ (PʹΑΔ0QFSBUPS࣮૷ Observe Diff Action - ੜ੒͢΂͖IngressͷSpec͸ʁ -

    ੜ੒͢΂͖Ingressͱݱࡏͷ Ingressͷࠩ෼͸ͳʹ͔ʁ - ࠩ෼ΛຒΊΔͨΊʹIngressͷ Create/Update/DeleteΛ࣮ߦ

  24.  w ςετ (PʹΑΔ0QFSBUPS࣮૷ ServiceExpose ঢ়ଶऔಘ Ingress͸ ଘࡏ͢Δ͔ʁ Ingressͷ Ξοϓσʔτ͸

    ඞཁ͔ʁ Ingress ੜ੒ Ingress Ξοϓσʔτ Y Y N N Reconciler Loop w ্هͷΑ͏ʹ0QFSBUPS͸ঢ়ଶભҠ͕ൃੜ͢Δɻ w ͋ΒΏΔύλʔϯͰ3FDPODJMFS-PPQ͕ႈ౳ʹͳΔΑ͏ʹςετ͠ ͍ͨɻ

  25.  w 0QFSBUPS4%,͕ҎԼͷπʔϧΛ༻͍ͯৼΔ෣͍ςετͷ࣮ߦ؀ڥΛ ఏڙ͍ͯ͠Δ w FOWUFTUDPOUSPMMFSSVOUJNFͷύοέʔδͰɺςετ༻ͷ LVCFSOFUFTDPOUSPMQMBOFΛఏڙ͢Δ w HJOLHP(PMBOHͷ#%%ςετϑϨʔϜϫʔΫ w

    HPNFHB(PMBOHͷ.BUDIFS-JCSBSZ HJOLHPͱηοτͰ࢖͏ (PʹΑΔ0QFSBUPS࣮૷

  26.  w ྫ͑͹ɺ4FSWJDF&YQPTF$VTUPN3FTPVSDF͕σϓϩΠ͞Εͨ͋ͱʹɺ 4UBUVT͕3FBEZʹભҠ͢ΔͷΛ଴ͪɺ*OHSFTT͕ੜ੒Ͱ͖͍ͯΔ͔ͱ͍ ͏ςετ͕ॻ͚Δɻ (PʹΑΔ0QFSBUPS࣮૷

  27. ॴײ

  28.  w (JU0QTͰΧόʔͰ͖ͳ͔ͬͨҰ෦ͷ໰୊Λ੾Γग़ͯ͠0QFSBUPSͱ͍ ͏ख๏ͰղܾͰ͖ͨɻ w ϓϨϏϡʔ؀ڥͷੜ੒શମΛ0QFSBUPSͱ࣮ͯ͠૷͢Δ͜ͱ΋ߟ͑ ͕ͨɺιϑτ΢ΣΞΛγϯϓϧʹอͭ΄͏͕ྑ͍ͱߟ͑ͨɻ w (PͰ0QFSBUPSΛ࣮૷͢Δ্Ͱ0QFSBUPS4%,Λ࢖͕ͬͨɺϩδοΫ ʹूதͰ͖ͯศརͩͬͨɻ

    w (Pͱ͍͑͹ςʔϒϧۦಈςετΛΑ͘࢖͏͕ɺঢ়ଶભҠΛςετ͢ Δ্Ͱ#%%͸ศརͩͬͨɻ ॴײ