
Introduction to Building a Kubernetes Development Environment, from a Docker Compose User's Perspective / introduction to kubernetes for docker compose user

Kou
September 15, 2018


Transcript

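  1. Introduction to Building a Kubernetes Development Environment, from a Docker Compose User's Perspective. WEB Engineer Study Group #09. Koichi Nagaoka

  2. About me: Koichi Nagaoka (@kkoudev). I work as an engineer at mixi, Inc. My favorite editor is VSCode.

  3. Before today's topic, Kubernetes... a word about Docker

  4. Once you start using Docker and have been running things with Docker Compose for a while, a few problems start to show.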

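  5. Main problems with running on Docker Compose alone
      1. Host redundancy: Making hosts redundant is not that hard in itself, but you end up having to build your own tooling to deploy the application to each host and to detach a host from the load balancer during a deploy.
      2. Container version management: If, for example, a deploy fails and you want to roll back immediately, Docker Compose on its own provides no special feature for that, so you have to build the mechanism yourself (tag management for built images, deploying by specifying a tag, and so on).
      3. Health monitoring and recovery from failures: Health monitoring of containers and recovery after a failure are largely manual or self-built.

  6. Docker Compose made it possible to almost eliminate environment differences between hosts and tedious setup, but for the parts where infrastructure is involved, such as coordination between hosts and operating a redundant configuration, much still has to be built yourself and takes effort.

  7. Enter Kubernetes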

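  8. What is Kubernetes? It is a service that performs orchestration, starting with cluster management of Docker containers. It also lets you manage coordination between hosts and deployment in one place. (Because the name is long, it is abbreviated to k8s.)
      Note: Docker has its own official orchestration tool, Docker Swarm, but k8s has become more or less the de facto standard.

  9. What I will talk about today
      • Kubernetes concepts and the role of each resource
      • Steps for building a development environment system with Kubernetes
      • How to migrate from Docker Compose
      • The good points of Kubernetes and the slightly painful ones

  10. Kubernetes concepts and resources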

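  11. What are Kubernetes resources? Kubernetes is made up of multiple units called resources that cooperate with one another. To understand how it works, you first need to understand resources.

  12. Node
      • A Node is the resource that represents a Docker host
      • In short, it is the server on which containers run. In a local environment there is always exactly one Node
      • Nodes are divided into the Master (Master Node), which manages all Nodes in the Kubernetes cluster, and the other Nodes (Worker Nodes), which run each resource

  13. Diagram of a Node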

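  14. Pod
      • A Pod is the resource for running containers placed inside a Node. It is a unit that treats a set of related Docker containers as one
      • For example, with a Ruby application that has Nginx as its front server, you may want to treat the Nginx container and the Ruby application container as one group. In that case you configure them as a single Pod

  15. Diagram of a Pod

  16. Pod and ReplicaSet
      • A resource called ReplicaSet lets you define how many replicas of a target Pod exist across the whole cluster
      • By specifying the number of Pod replicas, self-healing becomes possible: even if a Pod is forcibly terminated for some reason, the replica count is maintained

  17. Diagram of Pod and ReplicaSet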

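  18. ReplicaSet and Deployment
      • A ReplicaSet is managed by a resource called Deployment
      • A ReplicaSet is responsible for replicating and maintaining Pods, while a Deployment is responsible for creating and maintaining ReplicaSets
      • On deploy, a Deployment creates a ReplicaSet with the new specification and increases the new Pods while adjusting their number against the old Pods managed by the old ReplicaSet, until the whole ReplicaSet has been replaced with the new specification. It also manages revisions, so you can roll back to the old version if the new version has a problem

  19. Diagram of ReplicaSet and Deployment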

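  20. Service
      • A Service is the resource that provides an access path to Pods
      • It decides which Pods to route to mainly based on the labels attached to the Pods
      • You can create Services that are usable only inside the cluster (ClusterIP), Services reachable from outside the cluster (NodePort), and so on
      • If you are using AWS, you can also assign a CLB or NLB as the Load Balancer

  21. Diagram of a Service

  22. Other resources
      • The representative resources needed to explain the concepts have been covered; some other commonly used resources are introduced as well.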

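  23. Ingress: A higher-level resource above Service. A Service can only control traffic up to layer 4 of the OSI reference model (*), but with an Ingress you can do layer 7 routing such as path-based routing and routing by host name. You can think of it as the equivalent of an ALB on AWS.
      (* Apparently there are plans for Service to handle up to layer 7 in the future.)

  24. ConfigMap: A resource for managing configuration values such as environment variables, or the contents of configuration files themselves. It is defined in key-value form.
      Secret: Used for configuration values that are confidential, such as passwords. Apart from the fact that the manifest file holds the values in Base64 form, it is almost the same as a ConfigMap.

  25. PersistentVolume: A resource that defines a volume area. External storage such as EBS or NFS can also be defined.
      PersistentVolumeClaim: A resource that defines a request for a volume area to use. It is used to bind a PersistentVolume to a Pod.

  26. With Docker Compose, being aware of the containers you run was almost all you needed. With Kubernetes, everything you previously had to think about at the infrastructure level, namely the hosts that run the containers (Node), container grouping (Pod), their replication (ReplicaSet) and their exposure (Service, Ingress), can also be managed as part of the Kubernetes configuration.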

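  27. Building a development environment with Kubernetes

  28. Now let's actually build a development environment

  29. Diagram of the system built in this talk. Note: exactly the same configuration as in my Docker talk at WEB Engineer Study Group #05

  30. Overview of the system built in this talk
      • A Django application with Nginx as the front end
      • Redis used as the cache server
      • A periodically scheduled batch job
      • MySQL as the DB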

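  31. Building an environment with Kubernetes
      • As with Docker Compose, in Kubernetes you build the environment by describing the settings of each resource in YAML files. Roughly speaking, the settings follow the format shown next
      • A while ago, local environments were built with minikube, but Kubernetes is now officially supported in Docker for Mac/Win as well. (It is not enabled by default, so you need to enable it.)

  32. Main fields of a Kubernetes manifest file
      • apiVersion: the version of the API used by the resource. Differs per resource
      • kind: the type of the resource (ex: Deployment, Service)
      • metadata: metadata that can be attached to the resource. Mainly used to set the name and labels
      • spec: resource-specific settings
      • data: used by resources that hold configuration data, such as ConfigMap and Secret

  33. 1. Create the Deployment configuration

  34. Deployment configuration
      • A Django application with Nginx as the front
      ↑ We start by creating this part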

  35. Preparing the ConfigMap: The big difference from a Docker Compose setup is how configuration files such as nginx.conf are handled. With Docker Compose, the common approach was to place the configuration files in a specific directory on the host and mount it into the container. In Kubernetes, so that the files are available across the whole cluster, the contents of the configuration files are written directly into a YAML file as a ConfigMap resource.

  36. Example of creating a ConfigMap
      1. Prepare a directory containing the Nginx configuration files, laid out as in the figure
      2. Move to the directory one level above the nginx directory and create the ConfigMap with the following command

          kubectl create configmap nginx-config-common --from-file=nginx/etc/common

      3. Repeat this as many times as needed. Note: subdirectories are not picked up, so pay attention to the directory layout

  37. Checking the contents of the created ConfigMap with kubectl gives the following

          $ kubectl get configmap nginx-config-common -o yaml
          ---------------------------------
          apiVersion: v1
          data:
            nginx.conf: |
              user daemon daemon;
              daemon off;
              error_log /var/opt/nginx/log/error.log;
              pid /var/run/nginx.pid;
              worker_processes auto;
              worker_rlimit_nofile 100000;
              events {
                worker_connections 4000;
                use epoll;
                multi_accept on;
              }
              ... (rest omitted because it is long)
          kind: ConfigMap
          metadata:
            creationTimestamp: 2018-09-12T12:47:51Z
            name: nginx-config-common
            namespace: default
            resourceVersion: "121247"
            selfLink: /api/v1/namespaces/default/configmaps/nginx-config-common
            uid: 0fae62dd-b68a-11e8-bbb2-025000000001

  38. Writing the Deployment configuration: Let's configure the Nginx container to load the ConfigMap we created.

  39. Example Deployment configuration that loads the contents of the created ConfigMap

          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
          spec:
            replicas: 2
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                - name: nginx
                  image: library/nginx:latest
                  ports:
                  - containerPort: 8080
                  - containerPort: 8443
                  volumeMounts:
                  - name: v-nginx-config-common   # must match a name under volumes
                    mountPath: /etc/nginx
                volumes:
                - name: v-nginx-config-common
                  configMap:
                    name: nginx-config-common

      Specify the name of the created ConfigMap under volumes, and write the path where you want it mounted in the container's volumeMounts settings.

  40. Summary of writing the Deployment configuration: We went as far as the Nginx example; for the Django application you likewise just add its container settings to the Deployment. The Django application settings are not covered in detail here, but this should give you a picture of how to configure a ConfigMap and bind it to a Deployment (Pod).

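  41. Creating the Deployment: As an example, save the Deployment configuration you wrote under the file name nginx-django-deployment.yaml. Then create the Deployment with the following command.

          kubectl apply -f nginx-django-deployment.yaml

      Creation is also possible with kubectl create, but apply handles both creation and update. (create fails with an error if the resource already exists.) For that reason, this command is what is used in most cases to apply changes at deploy time.

  42. 2. Create the Service and Ingress configuration

  43. Service configuration: To make the Pods accessible, define a Service and describe the exposed ports.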

  44. Example Service configuration

          kind: Service
          apiVersion: v1
          metadata:
            name: nginx-service
          spec:
            type: NodePort
            selector:
              app: nginx
            ports:
            - name: http
              protocol: TCP
              port: 8080
              targetPort: 8080
            - name: https
              protocol: TCP
              port: 8443
              targetPort: 8443

      In selector, specify the value defined in the target Pods' labels to bind them to the Service.

  45. Ingress configuration and installation: With an Ingress you can assign an ALB on AWS, but the setup is somewhat tedious, so this time we use the Nginx Ingress Controller. (If you are interested in assigning an ALB, look into alb-ingress-controller and kube-aws-ingress-controller.) The Nginx Ingress Controller is installed as follows using helm, a package manager for Kubernetes.

          helm install stable/nginx-ingress

  46. Example Ingress (Nginx Ingress Controller) configuration

          apiVersion: extensions/v1beta1
          kind: Ingress
          metadata:
            annotations:
              kubernetes.io/ingress.class: nginx
            name: example-lb
          spec:
            rules:
            - host: www.example.com
              http:
                paths:
                - backend:
                    serviceName: nginx-service
                    servicePort: 8080
                  path: /
            tls:
            - hosts:
              - www.example.com
              secretName: example-tls

      In selector, specify the value defined in the target Pods' labels to bind them to the Service. For servicePort, specify the port or targetPort given in the Service. To configure HTTPS, certificate settings are required under the tls field: you need to register the certificate in a Secret and reference it.

  47. Summary of Service and Ingress configuration: On AWS a CLB or NLB can be assigned to a Service, but if you also want layer 7 control and want to use an HTTP server that supports HTTP2, using an Ingress is recommended. Registering the Ingress IP in DNS such as Route53 can be automated by installing and configuring external-dns. (Its configuration is not covered here, so look it up if you are interested.)

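  48. 3. Create the batch job

  49. Batch jobs in Kubernetes: In Kubernetes, a resource called Job lets you define a Pod that runs a single command. It is suited to defining processing such as a DB migration. If you want to run processing repeatedly on a schedule, use the CronJob resource.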

  50. Example Job configuration

          apiVersion: batch/v1
          kind: Job
          metadata:
            name: db-migrate
          spec:
            backoffLimit: 1
            parallelism: 1
            completions: 1
            template:
              spec:
                containers:
                - name: job-sleep
                  image: debian:stretch-slim
                  command: ["migrate", "up"]
                restartPolicy: Never

      Changing the backoffLimit value lets you define things such as the number of retries on failure. Once a job with restartPolicy set to Never completes successfully, it is not run again until it is deleted.

  51. Example CronJob configuration

          apiVersion: batch/v1beta1
          kind: CronJob
          metadata:
            name: cron-job
          spec:
            schedule: "*/1 * * * *"
            jobTemplate:
              spec:
                template:
                  spec:
                    containers:
                    - name: job-sleep
                      image: debian:stretch-slim
                      imagePullPolicy: Always
                      command: ["echo", "test"]
                    restartPolicy: Never

      The execution time can be specified in cron format in schedule.

  52. 4. Create Redis and the DB

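  53. Handling the cache and DB in Kubernetes: In local and development environments it is fine to run Redis/MySQL containers, but if you are on AWS you will probably want to use ElastiCache and RDS in production. These cannot easily be controlled by Kubernetes alone (kubectl), so you build them in combination with other provisioning tools such as kops or Terraform. For Kubernetes on AWS there is also a managed service called EKS. As of September 2018 it is not yet available in the Tokyo region, but once the Tokyo region is supported, using it is a good option too.

  54. That covers the main points of building the environment. Because Kubernetes is an orchestration tool, there are many points to consider and many settings, so even people used to Docker Compose tend to get stuck a lot at first. Once you get the hang of it, though, zero-downtime deploys and auto-healing when a failure occurs become relatively easy, so I recommend giving it a try.

  55. How to migrate from Docker Compose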

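  56. Migrating from Docker Compose: A tool called kompose automatically converts docker-compose.yaml into Kubernetes resources. However, Kubernetes and Docker Compose handle volumes differently, so that part needs some rewriting. If you use it with the expectation that it is simply better than writing everything from scratch, it saves quite a lot of effort and is convenient, so I recommend it.

  57. kompose usage example
      1. Install with Homebrew

          brew install kompose

      2. Specify the source docker-compose.yaml

          kompose convert -f docker-compose.yaml -o (output directory)

      By default, volumes are converted to PersistentVolumeClaim, but with the --volumes option they can also be converted as hostPath. Docker Compose setups often mount host directories, so converting with hostPath at first may be the better choice. (On the understanding that you will rewrite it later, of course.)

  58. Summary of the good and slightly painful parts of Kubernetes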

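  59. You probably have a rough idea of what is good about Kubernetes by now. To finish, here is a summary of the points I found good and the points that are still a little painful.

  60. Good points of Kubernetes

  61. 1. Deploying is relatively easy: Being able to detect differences and swap old-spec Pods for new-spec Pods with just the kubectl apply command is very simple. (There are of course cases where that alone is not enough.) Being able to achieve zero-downtime deploys easily by paying attention to the number of Pods and the RollingUpdate settings is a real strength, and is one of the points that can decide the adoption of Kubernetes.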

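  62. 2. Plenty of surrounding tools for building clusters: There are tools such as kops and kube-aws that set up a cluster by running just a few commands, so there is little need to design VPCs and subnets in detail from scratch with Terraform or similar. And if you do want fine-grained control, kops can output Terraform tf files, so that case is covered too.

  63. Painful points of Kubernetes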

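  64. 1. Confidential information is hard to commit to a repository as is: In Kubernetes, the Secret resource makes confidential information easier to handle, but in the manifest file the values are merely recorded Base64-encoded, so they can be decoded easily. That makes one hesitate to commit them to a git repository as they are. Personally I would like to have a feature equivalent to Credentials in Rails 5.2, but no such feature appears to exist as standard. It does, however, seem to be achievable by installing bitnami-labs/sealed-secrets and adding the SealedSecret resource.
      Reference: https://engineering.bitnami.com/articles/sealed-secrets.html
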
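  65. 2. Environment variables cannot be referenced inside manifest files: A feature like Docker Compose's, where you pass environment variables when running the command and reference them in the configuration file, does not appear to be supported at present. With Docker Compose I used this to switch the version of the built image tag, so this was a bit of a problem. (Specifying the current directory with something like $(pwd) is not possible either.) There is a workaround, though: if you really need that usage, it can be done with the envsubst command.

  66. Summary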

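  67. With Docker for Mac/Win now supporting Kubernetes natively and EKS having appeared on AWS, I expect use cases to keep increasing. So if you are about to build a new service, or you use Docker but are struggling with configuration management around infrastructure and deployment, I recommend considering adopting it.

  68. Thank you for your attention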
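
Slides 24 and 64 note that a Secret manifest only Base64-encodes its values. The shell sketch below is an added example, not part of the original deck: it decodes the `data` entries of a constructed Secret manifest to show how little the encoding protects, and provides a check that flags `kind: Secret` files, for instance from a pre-commit hook. The function names and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: why a plain Secret manifest should not be committed.

# Constructed sample manifest; the values are made up for this example.
sample_secret() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: example-db
type: Opaque
data:
  username: YXBw
  password: aHVudGVyMg==
EOF
}

# Read a manifest on stdin and print "key=value" for each entry under
# data:, Base64-decoded. No key or passphrase is needed to do this.
decode_secret_data() {
  awk '/^data:/ { d = 1; next }
       /^[^ ]/  { d = 0 }
       d && NF == 2 { sub(/:$/, "", $1); print $1, $2 }' |
  while read -r key value; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Succeeds (exit 0) when the manifest on stdin is a plain Secret.
# "kind: SealedSecret" does not match, so sealed manifests pass the check.
is_plain_secret() {
  grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$'
}

# Demo: show what anyone with read access to the repository can recover.
sample_secret | decode_secret_data
```

A hook can run `is_plain_secret < file` on each staged YAML file and reject the commit when it succeeds.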
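
Slide 65 mentions `envsubst` as the workaround for referencing environment variables in manifests. As an added example (not from the original deck), this shows the weak form next to a stricter one: without a variable list, `envsubst` also blanks the nginx variables inside a ConfigMap, and an unvalidated value can change the YAML structure. The template, the `IMAGE_TAG` variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: rendering a manifest template with envsubst.

# Constructed template. ${IMAGE_TAG} is meant to come from the environment;
# $host and $remote_addr are nginx variables and must be left untouched.
manifest_template() {
cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: library/nginx:${IMAGE_TAG}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config-common
data:
  nginx.conf: |
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
EOF
}

# Weak: with no variable list, envsubst replaces every $NAME it finds,
# so nginx variables that are unset in the shell become empty strings.
render_all() {
  IMAGE_TAG="$1" envsubst
}

# Stricter: accept only tag-like values (no quotes, spaces or newlines
# that could alter the YAML), then substitute ${IMAGE_TAG} and nothing else.
render_tag_only() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) echo "invalid IMAGE_TAG" >&2; return 2 ;;
  esac
  IMAGE_TAG="$1" envsubst '${IMAGE_TAG}'
}

# Demo (skipped when envsubst, part of GNU gettext, is not installed).
if command -v envsubst >/dev/null 2>&1; then
  manifest_template | render_tag_only 1.15.3
fi
```

The rendered output can be piped to `kubectl apply -f -` in place of the template file.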