OS ▶ Docker ▶ Kuvernetes
Kubernetes + prometheus + grafana ▶ metric
└ elasticsearch + kibana ▶ log
└ IaC ▶ *.yaml
CI/CD ▶ jenkins, ArgoCD
public cloud ▶ AWS, GCP (5일)
자격증 ▶ CKA, AWS(SAA)
- **Amazon AWS Certified Developer Associate Exam**
- **Amazon AWS Certified Solutions Architect - Associate SAA-C02 Exam**
- **Amazon AWS Certified Solutions Architect - Professional Exam**
docker-compose ▶ orchestration tool ▶ docker swarm / kubernetes
orchestration tool : 다양한 기능을 통해 원하는 서비스를 운영할 수 있음
docker-compose.yaml
docker-compose.yaml or compose.yaml (파일 확장자: yaml, yml)
- 들여쓰기가 까다로움 (indent)
- MSA (multi container a)
- command가 docker CLI와 유사(기능적) ▶ docker 명령어를 알고 있으면 쉽게 작성 가능
yaml 파일 작성법
kevin@hostos1:~/$ cd LABs/
kevin@hostos1:~/LABs$ mkdir mydb && cd $_
kevin@hostos1:~/LABs$ vi docker-compose.yaml
kevin@hostos1:~/LABs$ docker-compose updocker-compose.yaml
version: '3.3'
services:
mydb:
image: mariadb:10.4.6
container_name: mariadb
restart: always # restart=noe vs. kubernetes는 restart=Always
volumes:
- /home/kevin/my_db:/var/lib/mysql
ports:
- '3306:3306'
environment:
MYSQL_ROOT_PASSWORD: pass123#
MYSQL_DATABASE: myprod▶ key에는 띄어쓰기 X
docker-compose build —no-cache 로 처음에 build를 한 뒤 잘 되면 up~!
kevin@hostos1:~/LABs/cloud-webapp$ docker-compose up
kevin@hostos1:~/LABs/cloud-webapp$ docker-compose down
Removing cloud-webapp_webserver_1 ... done
Removing cloud-webapp_redis_1 ... done
Removing network cloud-webapp_default🐳 docker swarm cluster 구축
- manager 선출: RAFT 알고리즘
- manager node : cluster 관리, service 실행 가능
- worker node : service 실행 가능
swarm의 기본값: 모든 노드가 다 service 가능
k8s에서는 manager pod는 cluster 관리만 가능
🐳 container service 시각화
▶ swarmpit 모니터링
docker swarm init ▶ join key 부여 ▶ worker와 연결
swarm manager 선정
kevin@swarm-manager:~$ docker info | grep -i swarm
Swarm: inactive
Name: swarm-manager
kevin@swarm-manager:~$ docker swarm init --advertise-addr 192.168.56.101
Swarm initialized: current node (saj6oj78po7hmsoh0o42owsje) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-1h54ulrsogc5ux877pru5u3r42hpvuz3lwu4xh53cmhcngv130-dxl54pcv6d4b6yi5bnkrp0rge 192.168.56.101:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.- worker들을 add하려는 경우 join key를 주어야 한다.
- swarm manager의 port: 2377
방화벽 없애기
kevin@swarm-manager:~$ sudo ufw disable
Firewall stopped and disabled on system startupworker 추가
kevin@swarm-worker1:~$ docker swarm join --token SWMTKN-1-1h54ulrsogc5ux877pru5u3r42hpvuz3lwu4xh53cmhcngv130-dxl54pcv6d4b6yi5bnkrp0rge 192.168.56.101:2377
This node joined a swarm as a worker.kevin@swarm-worker2:~$ docker swarm join --token SWMTKN-1-1h54ulrsogc5ux877pru5u3r42hpvuz3lwu4xh53cmhcngv130-dxl54pcv6d4b6yi5bnkrp0rge 192.168.56.101:2377
This node joined a swarm as a worker.swarm 활성화
kevin@swarm-manager:~$ docker info | grep -i swarm
Swarm: active
Name: swarm-manager
kevin@swarm-manager:~$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
saj6oj78po7hmsoh0o42owsje * swarm-manager Ready Active Leader 20.10.18
qr15kyzl0moygs1h2eq23xl7g swarm-worker1 Ready Active 20.10.18
c5k5yg7z2fm4dzl72oskvzuf3 swarm-worker2 Ready Active 20.10.18kevin@swarm-manager:~$ sudo netstat -nlp | grep dockerd
tcp6 0 0 :::2377 :::* LISTEN 913/dockerd
tcp6 0 0 :::7946 :::* LISTEN 913/dockerd
udp6 0 0 :::7946 :::* 913/dockerd
unix 2 [ ACC ] STREAM LISTENING 76867 913/dockerd /var/run/docker/swa rm/control.sock
unix 2 [ ACC ] STREAM LISTENING 42722 913/dockerd /var/run/docker/lib network/6211aa53c711.sock
unix 2 [ ACC ] STREAM LISTENING 28450 913/dockerd /var/run/docker/met rics.socswarm이 활성화되면 새로운 network 생성
ingress (overlay): another host와의 통신docker-bridge
service 생성 - **visualizer**
kevin@swarm-manager:~$ docker service create \
--name=viz_swarm \
--publish=8082:8080 \
--constraint=node.role==manager \
--mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
dockersamples/visualizer
service 생성 - **swarmpit**
kevin@swarm-manager:~$ docker run -it --restart=always --name=swarpit-installer -v /var/run/docker.sock:/var/run/docker.sock swarmpit/install:1.9
Application setup
Enter stack name [swarmpit]: swarmpit
Enter application port [888]: 888
Enter database volume driver [local]: local
Enter admin username [admin]: admin
Enter admin password (min 8 characters long): pass123#kevin@swarm-manager:~$ docker service create \
> ubuntu:14.04 \
> /bin/bash -c "while true; do echo 'HELLO DOCKER-SWARM'; sleep 2; done"
kevin@swarm-manager:~$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
fgmpvde5tgwz flamboyant_shaw replicated 1/1 ubuntu:14.04
iw8n5quqb3eo viz_swarm replicated 1/1 dockersamples/visualizer:latest *:8082->8080/tcp
kevin@swarm-manager:~$ docker service ps flamboyant_shaw
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
r9s7x73d83zc flamboyant_shaw.1 ubuntu:14.04 swarm-worker1 Running Running 5 minutes ago
kevin@swarm-manager:~$ docker service logs -f flamboyant_shaw
flamboyant_shaw.1.r9s7x73d83zc@swarm-worker1 | HELLO DOCKER-SWARM
flamboyant_shaw.1.r9s7x73d83zc@swarm-worker1 | HELLO DOCKER-SWARM
flamboyant_shaw.1.r9s7x73d83zc@swarm-worker1 | HELLO DOCKER-SWARMkevin@swarm-manager:~$ docker service rm flamboyant_shaw
flamboyant_shaw
kevin@swarm-manager:~$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
iw8n5quqb3eo viz_swarm replicated 1/1 dockersamples/visualizer:latest *:8082->8080/tcp myweb service
kevin@swarm-manager:~$ docker service create --name myweb \
--replicas 2 -p 10001:80 nginx:1.23.1-alpinekevin@swarm-manager:~$ docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
mt0i6lecx7z1 myweb replicated 2/2 nginx:1.23.1-alpine *:10001->80/tcp
iw8n5quqb3eo viz_swarm replicated 1/1 dockersamples/visualizer:latest *:8082->8080/tcpkevin@swarm-manager:~$ docker service ps myweb
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
xan02ht4nmd5 myweb.1 nginx:1.23.1-alpine swarm-worker1 Running Running about a minute ago
vfq5pvjx8rm8 myweb.2 nginx:1.23.1-alpine swarm-worker2 Running Running about a minute ago- cluster의 특징: 모든 container에서 접근 가능
scale 변경 가능
kevin@swarm-manager:~$ docker service scale myweb=3
kevin@swarm-manager:~$ docker service scale myweb=1
kevin@swarm-manager:~$ docker service scale myweb=5
모든 노드를 모니터링 할 때 사용 : —mode global
kevin@swarm-manager:~$ docker service create --name global_myweb --mode global nginx:1.23.1-alpine
- 전역 service 확인
docker service ls
- 특정 service의 정보
docker service ps [service 명]
kevin@swarm-manager:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f2114e0066ba nginx:1.23.1-alpine "/docker-entrypoint.…" 29 seconds ago Up 29 seconds 80/tcp myweb.3.omcm2p5ewpt9411fqb51wsow2
d09a02ac1f33 nginx:1.23.1-alpine "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 80/tcp global_myweb.saj6oj78po7hmsoh0o42owsje.aj0vm35otz5lo7r2s3drw8i8vkevin@swarm-worker1:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1415f3a38b36 nginx:1.23.1-alpine "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp global_myweb.qr15kyzl0moygs1h2eq23xl7g.l4gkz2iox74c4fqcjpl08f808
8f75bd01019a nginx:1.23.1-alpine "/docker-entrypoint.…" 15 minutes ago Up 15 minutes 80/tcp myweb.1.xan02ht4nmd5ls7lj92v56idnkevin@swarm-worker2:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e2e729b2fe23 nginx:1.23.1-alpine "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 80/tcp global_myweb.c5k5yg7z2fm4dzl72oskvzuf3.ixiqb35ay9lophibyujki0n98
5bd7e2b680f3 nginx:1.23.1-alpine "/docker-entrypoint.…" 5 minutes ago Up 5 minutes 80/tcp myweb.2.nwy9cs647jlet70oxjm3844unkevin@swarm-manager:~$ docker rm -f myweb.3.omcm2p5ewpt9411fqb51wsow2
myweb.3.omcm2p5ewpt9411fqb51wsow2
kevin@swarm-manager:~$ docker service ps myweb
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
xan02ht4nmd5 myweb.1 nginx:1.23.1-alpine swarm-worker1 Running Running 16 minutes ago
nwy9cs647jle myweb.2 nginx:1.23.1-alpine swarm-worker2 Running Running 6 minutes ago
qpjbow21hh3k myweb.3 nginx:1.23.1-alpine swarm-manager Running Running less than a second ago
omcm2p5ewpt9 \_ myweb.3 nginx:1.23.1-alpine swarm-manager Shutdown Failed 5 seconds ago "task: non-zero exit (137)" "task: non-zero exit (137)” : 강제 종료
kevin@swarm-manager:~$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
saj6oj78po7hmsoh0o42owsje * swarm-manager Ready Active Leader 20.10.18
qr15kyzl0moygs1h2eq23xl7g swarm-worker1 Ready Active 20.10.18
c5k5yg7z2fm4dzl72oskvzuf3 swarm-worker2 Ready Active 20.10.18- node에서 가장 큰 에러는 docker service가 죽는 것
kevin@swarm-worker2:~$ sudo service docker stop
[sudo] password for kevin:
Warning: Stopping docker.service, but it can still be activated by:
docker.socketkevin@swarm-manager:~$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
saj6oj78po7hmsoh0o42owsje * swarm-manager Ready Active Leader 20.10.18
qr15kyzl0moygs1h2eq23xl7g swarm-worker1 Ready Active 20.10.18
c5k5yg7z2fm4dzl72oskvzuf3 swarm-worker2 Down Active 20.10.18
kevin@swarm-manager:~$ docker service ps myweb
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
xan02ht4nmd5 myweb.1 nginx:1.23.1-alpine swarm-worker1 Running Running 20 minutes ago
0u2bp6d4qng5 myweb.2 nginx:1.23.1-alpine swarm-worker1 Running Running 13 seconds ago
nwy9cs647jle \_ myweb.2 nginx:1.23.1-alpine swarm-worker2 Shutdown Running 10 minutes ago
qpjbow21hh3k myweb.3 nginx:1.23.1-alpine swarm-manager Running Running 3 minutes ago
omcm2p5ewpt9 \_ myweb.3 nginx:1.23.1-alpine swarm-manager Shutdown Failed 4 minutes ago "task: non-zero exit (137)"- scale을 맞추기 위해 active 상태인 다른 노드에게 work를 넘겨줌
만약 dev team에서 image version update 요청이 왔을 경우
- 무중단으로 rolling update 하는 방법
kevin@swarm-manager:~$ docker service update --image nginx:1.23.1-alpine myweb2kevin@swarm-manager:~$ docker service ps myweb2
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
2vslffveeyvq myweb2.1 nginx:1.23.1-alpine swarm-worker1 Running Running 53 seconds ago
aftr5zs7lsyg \_ myweb2.1 nginx:1.10 swarm-worker1 Shutdown Shutdown 55 seconds ago
syyoo07ylh2e myweb2.2 nginx:1.23.1-alpine swarm-manager Running Running 50 seconds ago
g514he7zt4l8 \_ myweb2.2 nginx:1.10 swarm-manager Shutdown Shutdown 52 seconds ago
pfigztkd3s80 myweb2.3 nginx:1.23.1-alpine swarm-worker2 Running Running 47 seconds ago
lkivrh3481fr \_ myweb2.3 nginx:1.10 swarm-worker2 Shutdown Shutdown 48 seconds ago🐳 Docker swarm + HAproxy + Nginx를 활용한 web service와 Load Balancing
- yaml 파일
version: '3'
services:
nginx:
image: nginx:1.23.1-alpine
deploy:
replicas: 4
placement:
constraints: [node.role != manager]
restart_policy:
condition: on-failure
max_attempts: 3
environment:
SERVICE_PORTS: 80
networks:
- haproxy-web
proxy:
image: dbgurum/haproxy:1.0
depends_on:
- nginx
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 80:80
networks:
- haproxy-web
deploy:
mode: global
placement:
constraints: [node.role == manager]
networks:
haproxy-web:
external: truekevin@swarm-manager:~$ mkdir haproxy-nginx
kevin@swarm-manager:~$ cd haproxy-nginx/
kevin@swarm-manager:~/haproxy-nginx$ docker network create \
--driver=overlay \
--attachable haproxy-web
# yaml 파일 작성
kevin@swarm-manager:~/haproxy-nginx$ vi haproxy-web.yaml
kevin@swarm-manager:~/haproxy-nginx$ docker stack deploy --compose-file=haproxy-web.yaml haproxy-web
Creating service haproxy-web_proxy
Creating service haproxy-web_nginxkevin@swarm-manager:~/haproxy-nginx$ docker stack services haproxy-web
ID NAME MODE REPLICAS IMAGE PORTS
wvwiwu6vggj2 haproxy-web_nginx replicated 4/4 nginx:1.23.1-alpine
jiegzlfltuul haproxy-web_proxy global 1/1 dbgurum/haproxy:1.0 *:80->80/tcp
kevin@swarm-manager:~/haproxy-nginx$ docker stack ps haproxy-web
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
mxjhxtc0kc1r haproxy-web_nginx.1 nginx:1.23.1-alpine swarm-worker2 Running Running 5 minutes ago
xhc2tmopw7aj haproxy-web_nginx.2 nginx:1.23.1-alpine swarm-worker1 Running Running 5 minutes ago
jsaql1f83gju haproxy-web_nginx.3 nginx:1.23.1-alpine swarm-worker2 Running Running 5 minutes ago
m4hmiwnt6hag haproxy-web_nginx.4 nginx:1.23.1-alpine swarm-worker1 Running Running 5 minutes ago
46ozxfx2ucsv haproxy-web_proxy.saj6oj78po7hmsoh0o42owsje dbgurum/haproxy:1.0 swarm-manager Running Running 5 minutes agokevin@swarm-manager:~/haproxy-nginx$ docker service logs -f haproxy-web_nginx
