다음의 Qwiklabs 과정을 거치면서 모르던 내용들 그리고 배웠던 내용들에 대해 써보았다:
- Kubernetes Engine: Qwik Start
- Orchestrating the Cloud with Kubernetes
우선, 저 과정을 거치면서 모르거나 새로 배운 내용들에 대한 정의를 써보도록 하겠다. 나름 나의 해석?도 들어가 있는 것이라 정확하지는 않을 수도 있으나, 최대한 찾아본 내용을 토대로 썼다:
- gsutil: gsutil is a python application that lets you access Google Cloud Storage from the command line
- gsutil cp command: A gsutil cp command allows you to copy data between your local file system and the cloud, within the cloud, and between cloud storage providers
- kubectl: A command line tool used to run commands against Kubernetes clusters
- Deployments in Kubernetes: A resources object in Kubernetes that provides declarative updates to applications. Deployments keep the pods up and running even when the nodes they run on fail. A declarative way to ensure that the number of Pods running is equal to the desired number of Pods, specified by the user.
- Volumes in pods: Data disks that live as long as the pods live, and can be used by containers in the pod
- Pods (more about them): Represent and hold a collection of one or more containers. If you have multiple containers with a hard dependency on each other, you package the containers inside a single pod. Pods can be stopped or started - failed liveness ro readiness checks. One IP per pod, and have shared namespaces for the contents inside. Deployments use Replica Sets to manage starting / stopping Pods
- Replica Set: Pod(Object)를 복제 생성하고, 복제된 Pod의 개수를 (Specified number) 지속적으로 유지해주는 controller이다. 예를 들어 Deployment application 안에 Node1, Node2, Node3가 있는데 Node3 goes down taking a Pod with it 이 된다면, 새로 Pod를 만들어서 Node를 찾는 것이 아닌, 새로운 Pod를 만들어서 Node2에서 자동적으로 실행시켜준다:
- cat command: Reads data from the file and gives their content as output
- curl command: command line 용 data transfer tool이다. Designed to work without user interaction,
- kubectl port-forward: map a local port to a port inside the monolith pod
- JWT Token: Json Web Token - A server generates a token that certifies the user identity, and send it to the client → 회원 인증에 많이 사용함
- Endpoint Security: The process of securing the various endpoints on a network, often defined as end-user devices (mobile devices, laptops, etc...), but hardware such as servers in a data center are also considered endpoints
- kubectl exec: Runs an interactive shell inside the Monolith Pod. Possible to troubleshoot from within a container
- ping command: when inside the container, ping is used to test external connectivity
- Service: Provide stable, persistent endpoint for pods. Uses Labes to select pods, There are 3 types of Services:
- Cluster IP(internal IP): This Service is only visible inside of the cluster
- Nodeport: Gives each node in the cluster an externally accessible IP → A monolith service is a Nodeport Service
- LoadBalancer: Adds a load balancer from the cloud provider which forwards traffic from the service to Nodes within it.
- Health Checks: Amond the immediate remedies offered by a cloud provider to ensure early detectioㅜ nand reporting of a service failure.
- Relationship between Deployments and Services in Kubernetes: A deployment is responsible for keeping a set of pods running, while a service is responsible for enabling network access to a set of pods. A deployment can be used without a service to keep a set of identical pods running in the Kubernetes Cluster
Creating Deployments
이번에 배운 부분에서 Creating Deployments에서 기록을 남겨둬야 할만한 부분이 있어서 쓴다. Qwiklabs에 소개된 내용은 다음과 같다:
근데 이 replica set과 deployment, service 사이의 관계가 너무나도 헷갈려서 Google Cloud Documents 와 인터넷 서칭등을 해보면 다음과 같은 structure 있다는 것을 보여준다.
즉, 한개의 deployment 당 이를 관리하는 1개의 service가 있는 것이다. 내가 실습했던 Qwiklabs의 경우에도 deployment 하나당 service 하나가 있는 것이므로, 위의 그림과는 같으나, pods의 갯수는 각각 다르게 있을 수 있는 것이다.
※ 마지막 kubectl create -f deployments/auth.yaml, kubectl create -f deployments/hello.yaml, kubectl create -f deployments/frontend.yaml에서 다음과 같은 오류가 난다.
구글링을 통해 다음과 같은 방법을 찾았다:
kubectl convert -f deployments/frontend.yaml --output-version apps/v1 > /tmp/foo && mv /tmp/foo deployments/frontend.yaml여기서 frontend / auth / hello를 바꿔가면서 해주면 된다. 빠른 시일 내에 오류가 해결됐으면 좋겠다.
