Kwoo'S Blog - IT is hard.
CKA - Networking -2
KodeKloud - CKA - Network notes
Service Networking
What network range are the nodes in the cluster part of?
kubectl get nodes -o wide
What is the range of IP addresses configured for PODs on this cluster?
kubectl logs <weave-pod-name> weave -n kube-system
- Check which CNI is in use -> it is Weave, so check the Weave pod logs
INFO: 2022/11/08 11:46:30.769131 adding entry 10.50.0.0/16 to weaver-no-masq-local of 0
INFO: 2022/11/08 11:46:30.769173 added entry 10.50.0.0/16 to weaver-no-masq-local of 0
What is the IP Range configured for the services within the cluster?
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep cluster-ip-range
- Among the static pod manifests, open the kube-apiserver file and check cluster-ip-range
kubectl describe pod kube-apiserver-controlplane -n kube-system
- Alternatively, describe the apiserver pod and check cluster-ip-range in the output
--service-cluster-ip-range=10.96.0.0/12
How many kube-proxy pods are deployed in this cluster?
kubectl get pod -n kube-system
- One is deployed on each node, so there are as many as there are nodes
What type of proxy is the kube-proxy configured to use?
kubectl logs <kube-proxy-pod-name> -n kube-system
I1108 11:46:16.204845 1 server_others.go:578] "Unknown proxy mode, assuming iptables proxy" proxyMode=""
I1108 11:46:16.257479 1 server_others.go:206] "Using iptables Proxier"
How does this Kubernetes cluster ensure that a kube-proxy pod runs on all nodes in the cluster?
It is ensured by a DaemonSet.
CoreDNS in Kubernetes
Identify the DNS solution implemented in this cluster.
kube-system coredns-6d4b75cb6d-dx9fn 1/1 Running 0 87s
kube-system coredns-6d4b75cb6d-xbn6b 1/1 Running 0 87s
How many pods of the DNS server are deployed?
2
What is the name of the service created for accessing CoreDNS?
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 4m20s
What is the IP of the CoreDNS server that should be configured on PODs to resolve services?
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 4m20s
Where is the configuration file located for configuring the CoreDNS service?
kubectl -n kube-system describe deployments.apps coredns | grep -A2 Args | grep Corefile
- CoreDNS is deployed as a Deployment in the kube-system namespace
Args:
  -conf
  /etc/coredns/Corefile
How is the Corefile passed in to the CoreDNS POD?
Configured as a ConfigMap object
- Passed in through a ConfigMap object
What is the name of the ConfigMap object created for Corefile?
kubectl get cm -n kube-system
kube-system coredns 1 12m
What is the root domain/zone configured for this kubernetes cluster?
kubectl describe configmap coredns -n kube-system
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
   pods insecure
   fallthrough in-addr.arpa ip6.arpa
   ttl 30
}
What name can be used to access the hr web server from the test Application?
kubectl get svc
kubectl describe svc web-service
Selector: name=hr
Which of the names CANNOT be used to access the HR service from the test pod?
web-service.default.pod
Which of the names below can be used to access the payroll service from the test application?
web-service.payroll
Which of the names below CANNOT be used to access the payroll service from the test application?
web-service.payroll.svc.cluster
We just deployed a web server - webapp - that accesses a database mysql - server. However the web server is failing to connect to the database server. Troubleshoot and fix the issue.
kubectl get pod,svc -A
- Check that the mysql service address and port are correct
kubectl edit deploy webapp
- Change DB_Host to the correct value -> mysql.payroll
- payroll service/mysql ClusterIP 10.98.165.8 <none> 3306/TCP 59s
From this output, confirm that the service can be reached at mysql.payroll
From the hr pod nslookup the mysql service and redirect the output to a file /root/CKA/nslookup.out
kubectl exec -it hr -- nslookup mysql.payroll > /root/CKA/nslookup.out
- nslookup is a command for querying name servers
- It is also used to check that a server's network is configured correctly
- IP lookup
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: mysql.payroll.svc.cluster.local
Address: 10.98.165.8
Ingress Networking – 1
https://kubernetes.io/docs/concepts/services-networking/ingress/
Ingress exposes HTTP and HTTPS routes from outside the cluster to services inside the cluster. Traffic routing is controlled by the rules defined on the Ingress resource.
Which namespace is the Ingress Controller deployed in?
ingress-nginx ingress-nginx-admission-create-dbx8s 0/1 Completed 0 34s
ingress-nginx ingress-nginx-admission-patch-znj48 0/1 Completed 1 34s
ingress-nginx ingress-nginx-controller-75f5d9c477-7d4np 0/1 Running 0 34s
What is the name of the Ingress Controller Deployment?
ingress-nginx ingress-nginx-controller 1/1 1 1 106s
Which namespace are the applications deployed in?
kubectl get pods -A
How many applications are deployed in the app-space namespace?
app-space default-backend 1/1 1 1 108s
app-space webapp-video 1/1 1 1 108s
app-space webapp-wear 1/1 1 1 108s
Which namespace is the Ingress Resource deployed in?
kubectl get ingress -A
What is the name of the Ingress Resource?
app-space ingress-wear-watch <none> * 10.96.178.225 80 4m35s
What is the Host configured on the Ingress Resource?
*
What backend is the /wear path on the Ingress configured with?
kubectl describe ingress --namespace app-space
Rules:
  Host        Path     Backends
  ----        ----     --------
  *
              /wear    wear-service:8080 (10.244.0.4:8080)
              /watch   video-service:8080 (10.244.0.5:8080)
At what path is the video streaming application made available on the Ingress?
/watch
If the requirement does not match any of the configured paths what service are the requests forwarded to?
No Service
Now view the Ingress Service using the tab at the top of the terminal. Which page do you see?
404 Error page
You are requested to change the URLs at which the applications are made available.
kubectl edit ingress -n app-space ingress-wear-watch
- Ingress: ingress-wear-watch
- Path: /stream
- Backend Service: video-service
- Backend Service Port: 8080
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  name: ingress-wear-watch
  namespace: app-space
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: wear-service
            port:
              number: 8080
        path: /wear
        pathType: Prefix
      - backend:
          service:
            name: video-service
            port:
              number: 8080
        path: /stream
        pathType: Prefix
View the Video application using the /stream URL in your browser.
A user is trying to view the /eat URL on the Ingress Service. Which page would he see?
404 Error page
Due to increased demand, your business decides to take on a new venture. You acquired a food delivery company. Their applications have been migrated over to your cluster.
kubectl edit ingress -n app-space ingress-wear-watch
- Ingress: ingress-wear-watch
- Path: /eat
- Backend Service: food-service
- Backend Service Port: 8080
Edit it in the same way as above
      - backend:
          service:
            name: food-service
            port:
              number: 8080
        path: /eat
        pathType: Prefix
View the Food delivery application using the /eat URL in your browser.
A new payment service has been introduced. Since it is critical, the new application is deployed in its own namespace.
What is the name of the deployment of the new application?
critical-space webapp-pay-77f6bf45f6-p8gr2
You are requested to make the new application available at /pay
- Ingress Created
- Path: /pay
- Configure correct backend service
- Configure correct backend port
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: critical-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /pay
        pathType: Prefix
        backend:
          service:
            name: pay-service
            port:
              number: 8282
Create a new Ingress for the new pay application in the critical-space namespace.
kubectl get pod,svc -n critical-space
NAME READY STATUS RESTARTS AGE
pod/webapp-pay-77f6bf45f6-p8gr2 1/1 Running 0 4m37s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/pay-service ClusterIP 10.105.208.62 <none> 8282/TCP 4m37s
Ingress Networking – 2
See https://kubernetes.io/ko/docs/concepts/services-networking/ingress-controllers/
For an Ingress resource to work, the cluster must have an ingress controller running.
As a project, Kubernetes supports and maintains the AWS, GCE, and nginx ingress controllers.
This course uses nginx.
We have deployed two applications. Explore the setup.
kubectl get pod -A
Let us now deploy an Ingress Controller. First, create a namespace called ingress-space.
Create the ingress-space namespace before deploying the ingress controller
kubectl create ns ingress-space
The NGINX Ingress Controller requires a ConfigMap object. Create a ConfigMap object in the ingress-space.
Create a ConfigMap in the ingress-space namespace -> the NGINX Ingress Controller requires a ConfigMap
kubectl create configmap nginx-configuration --namespace ingress-space
The NGINX Ingress Controller requires a ServiceAccount. Create a ServiceAccount in the ingress-space namespace.
The NGINX Ingress Controller likewise requires a ServiceAccount. Create the ServiceAccount.
kubectl create serviceaccount ingress-serviceaccount --namespace ingress-space
Let us now deploy the Ingress Controller. Create a deployment using the file given.
kubectl create -f ingress-controller.yaml
- Fix the typo in this yaml (indentation)
ports:
- name: http
  containerPort: 80
- name: https
  containerPort: 443
Let us now create a service to make Ingress available to external users.
- Name: ingress
- Type: NodePort
- Port: 80
- TargetPort: 80
- NodePort: 30080
- Namespace: ingress-space
- Use the right selector
kubectl expose -n ingress-space deployment ingress-controller --type=NodePort --port=80 --name=ingress --dry-run=client -o yaml > ingress.yaml
- This step creates the Service for the ingress controller. The ingress controller is deployed as a Deployment, so use expose to generate a Service template directly.
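A check for the "Use the right selector" requirement above, as an added example that is not part of the original post or the lab's files: it compares a Service against the Deployment it should front and lists why traffic would not reach the pods. Both objects are constructed; the label name=nginx-ingress is a hypothetical stand-in because the page does not show the labels in ingress-controller.yaml.

```python
# Constructed objects shaped like `kubectl get <kind> -o json` output.
# The label name=nginx-ingress is hypothetical; ports follow the lab spec.
DEPLOYMENT = {"spec": {"template": {
    "metadata": {"labels": {"name": "nginx-ingress"}},
    "spec": {"containers": [{"ports": [
        {"name": "http", "containerPort": 80},
        {"name": "https", "containerPort": 443},
    ]}]},
}}}
SERVICE = {"spec": {
    "type": "NodePort",
    "selector": {"name": "nginx-ingress"},
    "ports": [{"port": 80, "targetPort": 80, "nodePort": 30080}],
}}
NODE_PORT_RANGE = range(30000, 32768)  # Kubernetes default node port range


def check_service(service, deployment):
    """Return the reasons this Service would not route to the Deployment's pods."""
    template = deployment["spec"]["template"]
    labels = template["metadata"].get("labels", {})
    selector = service["spec"].get("selector") or {}
    problems = []
    if not selector:
        problems.append("selector is empty, so no pod is selected")
    for key, value in selector.items():
        if labels.get(key) != value:
            problems.append(f"selector {key}={value} not in pod labels {labels}")
    declared = [p for c in template["spec"]["containers"] for p in c.get("ports", [])]
    names = {p.get("name") for p in declared}
    numbers = {p["containerPort"] for p in declared}
    for port in service["spec"].get("ports", []):
        target = port.get("targetPort", port["port"])  # targetPort defaults to port
        if isinstance(target, str) and target not in names:
            problems.append(f"targetPort {target!r} is not a named container port")
        if isinstance(target, int) and target not in numbers:
            problems.append(f"targetPort {target} is not a declared containerPort")
        node_port = port.get("nodePort")
        if node_port is not None and node_port not in NODE_PORT_RANGE:
            problems.append(f"nodePort {node_port} is outside 30000-32767")
    return problems
```

The template written by the expose command has no nodePort field, so 30080 still has to be added to ingress.yaml before it is applied.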
Create the ingress resource to make the applications available at /wear and /watch on the Ingress service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-wear-watch
  namespace: app-space
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /wear
        pathType: Prefix
        backend:
          service:
            name: wear-service
            port:
              number: 8080
      - path: /watch
        pathType: Prefix
        backend:
          service:
            name: video-service
            port:
              number: 8080
- With the ingress controller fully created and configured, this step creates the Ingress that will actually be used