애플리케이션 볼륨 사용법

apiVersion: v1 kind: Pod metadata: name: pod-emptydir labels: app: nginx spec: containers: - name: web-page // 실제 서비스가 올라가는 컨테이너 image: nginx volumeMounts: - mountPath: /usr/share/nginx/html name: empty-directory - name: html-builder // 페이지가 만들어지는 컨테이너 image: alpine volumeMounts: - mountPath: /html-dir name: empty-directory command: ["/bin/sh", "-c"] args: - echo "This page created on $(date +%Y-%m-%d)" > /html-dir/index.html; sleep infinity; volumes: - name: empty-directory // 위의 두 개의 컨테이너를 공유 emptyDir: {} NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES net 0/1 ImagePullBackOff 0 5d1h 172.16.221.158 w1-k8s <none> <none> pod-emptydir 2/2 Running 0 20s 172.16.132.53 w3-k8s <none> <none>

apiVersion: apps/v1 kind: DaemonSet metadata: name: ds-hostpath labels: app: ds-hostpath spec: selector: matchLabels: app: ds-hostpath template: metadata: labels: app: ds-hostpath spec: containers: - name: host-mon image: sysnet4admin/sleepy volumeMounts: - mountPath: /host-log name: hostpath-directory volumes: - name: hostpath-directory hostPath: path: /var/log

# NFS 서비스 구동 [root@m-k8s ~]# ~/_Lecture_k8s_starter.kit/ch5/5.2/nfs-exporter.sh log Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service. # NFS 설정파일 확인(log폴더에 192.168.1.0으로 붙도록 마운트) [root@m-k8s ~]# cat /etc/exports /nfs_shared/log 192.168.1.0/24(rw,sync,no_root_squash) # 접속 시 접속 로그를 /audit에 저장하는 Pod 배포 [root@m-k8s nfs_shared]# kubectl apply -f ~/_Lecture_k8s_starter.kit/ch5/5.2/dpy-chk-log.yaml deployment.apps/dpy-chk-log created # 내용을 살펴보면 volumes를 앞에서 올린 nfs_shared/log로 사용하도록 설정되어 있으며 /audit과 마운트되도록 함 apiVersion: apps/v1 kind: Deployment metadata: name: deploy-nfs labels: app: deploy-nfs spec: replicas: 3 selector: matchLabels: app: deploy-nfs template: metadata: labels: app: deploy-nfs spec: containers: - name: chk-log image: sysnet4admin/chk-log volumeMounts: - name: nfs-vol mountPath: /audit volumes: - name: nfs-vol nfs: server: 192.168.1.10 path: /nfs_shared/nfs-vol # pods 확인 [root@m-k8s nfs_shared]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES dpy-chk-log-655668ffb8-7m4jm 1/1 Running 0 9m57s 172.16.132.14 w3-k8s <none> <none> dpy-chk-log-655668ffb8-c4wwt 1/1 Running 0 9m57s 172.16.221.138 w1-k8s <none> <none> dpy-chk-log-655668ffb8-r84j2 1/1 Running 0 9m57s 172.16.103.142 w2-k8s <none> <none> # pod에 접속 [root@m-k8s nfs_shared]# curl 172.16.132.14 pod_n: dpy-chk-log-655668ffb8-7m4jm | ip_dest: 172.16.132.14 # pod에 shell로 접속해서 audit 내 로그 확인 [root@m-k8s nfs_shared]# kubectl exec dpy-chk-log-655668ffb8-7m4jm -it -- /bin/bash root@dpy-chk-log-655668ffb8-7m4jm:/# cat /audit/audit_dpy-chk-log-655668ffb8-7m4jm.log 01/Nov/2022:00:29:48 +0900 172.16.132.14 GET root@dpy-chk-log-655668ffb8-7m4jm:/# exit exit # 배포한 Pod 삭제 [root@m-k8s log]# kubectl delete -f ~/_Lecture_k8s_starter.kit/ch5/5.2/dpy-chk-log.yaml deployment.apps "dpy-chk-log" deleted [root@m-k8s log]# kubectl get pods No resources found in default namespace. # 배포한 Pod을 삭제해도 마스터노드에 볼륨 내 파일이 그대로 남아있음 [root@m-k8s log]# cat /nfs_shared/log/audit_dpy-chk-log-655668ffb8-7m4jm.log 01/Nov/2022:00:29:48 +0900 172.16.132.14 GET

# 관리자가 생성하는 PV apiVersion: v1 kind: PersistentVolume metadata: name: pv-nfs spec: capacity: storage: 100Mi accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain nfs: server: 192.168.1.10 path: /nfs_shared/pvc-vol

# 개발자가 생성하는 PVC apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-nfs spec: accessModes: - ReadWriteMany resources: requests: storage: 10Mi

# Deploy apiVersion: apps/v1 kind: Deployment metadata: name: deploy-pvc labels: app: deploy-pvc spec: replicas: 3 selector: matchLabels: app: deploy-pvc template: metadata: labels: app: deploy-pvc spec: containers: - name: chk-log image: sysnet4admin/chk-log volumeMounts: - name: pvc-vol mountPath: /audit volumes: - name: pvc-vol persistentVolumeClaim: claimName: pvc-nfs

# 1. NFS 볼륨을 생성한다. [root@m-k8s 5.5]# ./nfs-exporter.sh pvc-vol Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service. [root@m-k8s 5.5]# cat /etc/exports /nfs_shared/pvc-vol 192.168.1.0/24(rw,sync,no_root_squash) # 2. PV를 생성한다. [root@m-k8s 5.5]# k apply -f persistentvolume-nfs.yaml persistentvolume/pv-nfs created [root@m-k8s 5.5]# k get pv NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pv-nfs 100Mi RWX Retain Available 24s # 3. PVC를 생성한다. [root@m-k8s 5.5]# k apply -f persistentvolumeclaim-nfs.yaml persistentvolumeclaim/pvc-nfs created [root@m-k8s 5.5]# k get pvc NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE pvc-nfs Bound pv-nfs 100Mi RWX 3s # 4. Deploy를 배포한다. [root@m-k8s 5.5]# k apply -f deploy-pvc.yaml deployment.apps/deploy-pvc unchanged # 5. curl로 로그를 남긴다. [root@m-k8s 5.5]# k get po -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES deploy-pvc-57684fb7ff-mv9zp 0/1 ContainerCreating 0 35s <none> w3-k8s <none> <none> deploy-pvc-57684fb7ff-n4rws 1/1 Running 0 35s 172.16.103.167 w2-k8s <none> <none> deploy-pvc-57684fb7ff-wvcxz 1/1 Running 0 35s 172.16.221.155 w1-k8s <none> <none> net 1/1 Running 0 9d 172.16.132.23 w3-k8s <none> <none> [root@m-k8s 5.5]# curl 172.16.103.167 pod_n: deploy-pvc-57684fb7ff-n4rws | ip_dest: 172.16.103.167 # 6. pod에 접속해서 볼륨에 생성된 로그를 확인해본다. [root@m-k8s 5.5]# k exec deploy-pvc-57684fb7ff-n4rws -it -- /bin/bash root@deploy-pvc-57684fb7ff-n4rws:/# ls audit audit_deploy-pvc-57684fb7ff-n4rws.log root@deploy-pvc-57684fb7ff-n4rws:/# exit exit [root@m-k8s 5.5]# k exec deploy-pvc-57684fb7ff-mv9zp -it -- /bin/bash root@deploy-pvc-57684fb7ff-mv9zp:/# ls audit audit_deploy-pvc-57684fb7ff-n4rws.log

# NFS 서비스 구동 [root@m-k8s ~]# ~/_Lecture_k8s_starter.kit/ch5/5.2/nfs-exporter.sh log Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service. # NFS 설정파일 확인(log폴더에 192.168.1.0으로 붙도록 마운트) [root@m-k8s ~]# cat /etc/exports /nfs_shared/log 192.168.1.0/24(rw,sync,no_root_squash) [root@m-k8s ~]# cd /nfs_shared [root@m-k8s nfs_shared]# ls log # 접속 시 접속 로그를 /audit에 저장하는 Pod 배포 [root@m-k8s nfs_shared]# kubectl apply -f ~/_Lecture_k8s_starter.kit/ch5/5.2/dpy-chk-log.yaml deployment.apps/dpy-chk-log created # 내용을 살펴보면 volumes를 앞에서 올린 nfs_shared/log로 사용하도록 설정되어 있으며 /audit과 마운트되도록 함 [root@m-k8s nfs_shared]# cat ~/_Lecture_k8s_starter.kit/ch5/5.2/dpy-chk-log.yaml spec: containers: - name: dpy-chk-log image: sysnet4admin/chk-log volumeMounts: - name: nfs-vol mountPath: /audit volumes: - name: nfs-vol nfs: server: 192.168.1.10 path: /nfs_shared/log # pods 확인 [root@m-k8s nfs_shared]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES dpy-chk-log-655668ffb8-7m4jm 1/1 Running 0 9m57s 172.16.132.14 w3-k8s <none> <none> dpy-chk-log-655668ffb8-c4wwt 1/1 Running 0 9m57s 172.16.221.138 w1-k8s <none> <none> dpy-chk-log-655668ffb8-r84j2 1/1 Running 0 9m57s 172.16.103.142 w2-k8s <none> <none> # pod에 접속 [root@m-k8s nfs_shared]# curl 172.16.132.14 pod_n: dpy-chk-log-655668ffb8-7m4jm | ip_dest: 172.16.132.14 # pod에 shell로 접속해서 audit 내 로그 확인 [root@m-k8s nfs_shared]# kubectl exec dpy-chk-log-655668ffb8-7m4jm -it -- /bin/bash root@dpy-chk-log-655668ffb8-7m4jm:/# cat /audit/audit_dpy-chk-log-655668ffb8-7m4jm.log 01/Nov/2022:00:29:48 +0900 172.16.132.14 GET root@dpy-chk-log-655668ffb8-7m4jm:/# exit exit # 배포한 Pod 삭제 [root@m-k8s log]# kubectl delete -f ~/_Lecture_k8s_starter.kit/ch5/5.2/dpy-chk-log.yaml deployment.apps "dpy-chk-log" deleted [root@m-k8s log]# kubectl get pods No resources found in default namespace. # 배포한 Pod을 삭제해도 마스터노드에 볼륨 내 파일이 그대로 남아있음 [root@m-k8s log]# cat /nfs_shared/log/audit_dpy-chk-log-655668ffb8-7m4jm.log 01/Nov/2022:00:29:48 +0900 172.16.132.14 GET