Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-ku...
Search
Takuma Kume
June 10, 2021
Technology
250
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-kubernetes-operator
fukuoka.go#17
Takuma Kume
June 10, 2021
More Decks by Takuma Kume
See All by Takuma Kume
SRE/インフラエンジニアの市場価値とキャリアパス/Market value and career path for SRE-infrastructure engineers
takumakume
2
1.5k
【新卒研修】共通言語としてのSRE/SRE as a common language
takumakume
0
280
DDoSとの終わりなき戦い2025/endless_battle_with_ddos_attack_2025
takumakume
3
190
事業部CTOの現在地(パネルディスカッション)/Current-location-of-Division-CTO
takumakume
0
220
ロリポップ! for Gamersを支えるインフラ/lolipop for gamers infrastructure
takumakume
0
1.7k
ロリポップ! for Gamersの立ち上げ/lolipop for gamers launch
takumakume
0
3k
ホモグラフドメインを検出してみた/detect homograph domain
takumakume
0
800
ソフトウェアの継続的アップデートをコンテナ化によって加速させる/Accelerate continuous software updates with containerization
takumakume
0
5.6k
KubernetesにおけるSBOMを利用した脆弱性管理/Vulnerability_Management_with_SBOM_in_Kubernetes
takumakume
2
3.1k
Other Decks in Technology
See All in Technology
AIに「使われる」時代のSaaS戦略 〜既存WebAPIのMCPサーバー化における開発ノウハウ〜
ekispert_api
0
270
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
340
ゼロをイチにする仕事が終わったあと
smasato
0
220
知見・人・API・DB・予算 ─ ナイナイ尽くしだった人事データ整備 with dbt、5年間の学び
ken6377
1
130
AIで政治は変わるのか? — 中高生と考えたAI時代の民主主義(東海高校サタデープログラム)
eitarosuda
0
360
『AIに負けない』より『AIと遊ぶ』」〜ワクワクが最強のテスト・QA学習戦略_公開用
odan611
1
350
水を運ぶ人としてのリーダーシップ
izumii19
4
1.2k
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
240
そのタスクオンスケですか?
poropinai1966
0
110
デジタル・デザイン構想 by Sayaka Ishizuka
y150saya
0
180
技術・能力を向上する原理原則 #きのこセッションa #きのこ2026
bash0c7
0
190
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
110
Featured
See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.5k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
170
Statistics for Hackers
jakevdp
799
230k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3.2k
The Limits of Empathy - UXLibs8
cassininazir
1
380
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
280
So, you think you're a good person
axbom
PRO
2
2.1k
Scaling GitHub
holman
464
140k
How to Talk to Developers About Accessibility
jct
2
270
How to make the Groovebox
asonas
2
2.3k
Transcript
GVLVPLBHP (PͰLVCFSOFUFTPQFSBUPSΛ࣮ͯ͠ ΞϓϦͷϓϨϏϡʔڥΛ࡞Δ
(.0ϖύϘגࣜձࣾ ϗεςΟϯάࣄۀ෦ 43&νʔϜ ΫϥυωΠςΟϒԽͷਪਐ ٱถഅ!UBLVNBLVNF
࣍ wlLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ wࠓճ࣮ͨ͠ιϑτΣΞͷհ w։ൃܦҢ w(PʹΑΔ0QFSBUPS࣮ wॴײ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ apiserver kubectl apply Control plane Data plane controller manager
ReplicaSet Pod Pod ࢦఆ͞ΕͨPodͷΛ อͱ͏ͱ͢Δ ReplicaSetͷྫ replicas:2 PodΛ1ͭআͯ͠ ίϯτϩʔϥʔ͕ݕͯ͠ ࠶࡞͞ΕΔ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ apiserver kubectl apply Control plane Data plane controller manager
ReplicaSet Pod Pod ࢦఆ͞ΕͨPodͷΛ อͱ͏ͱ͢Δ ReplicaSetͷྫ replicas:2 PodΛ1ͭআͯ͠ ίϯτϩʔϥʔ͕ݕͯ͠ ࠶࡞͞ΕΔ kubernetes ͜ͷಈ͖Λ֦ுͰ͖Δ kubernetesΛ֦ு͢Δख๏ͷͻͱͭʹOperator͕͋Δ
zLVCFSOFUFTPQFSBUPSΛ࡞Δzͱ apiserver kubectl apply Control plane Data plane Custom Controller
Custom Resource Custom Resource Definition (CRD) + ಠࣗͷϦιʔεఆٛ CRDͷఆٛʹج͍ͮͨ Ϧιʔε CRΛίϯτϩʔϧͯ͠ ఆٛ͞Εͨঢ়ଶʹอͭ kubernetes operator ͷ࣮ମ
ࠓճ࣮ͨ͠ͷ
apiVersion: service-expose.../v1alpha1 kind: ServiceExpose metadata: name: example namespace: ns1 spec:
backend: service: name: example-svc port: number: 8080 domain: example.com path: / pathType: Prefix tlsEnable: true tlsSecretName: example-tls annotations: cert-manager.io/cluster-issuer: letsencrypt apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example namespace: ns1 annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: example-svc.ns1.example.com http: paths: - backend: service: name: example-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - example-svc.ns1.example.com secretName: example-tls backend: service: name: example-svc port: number: 8080 example-svc ns1 example.com example-svc ns1 example.com example-svc ns1 example.com ࢦఆͨ͠ServiceΛ IngressͰެ։͢Δ ެ։͢Δϗετ໊ͱͯ͠ αʔϏεσΟεΧόϦతʹ ࣗಈͰ༩͢Δ IUUQTHJUIVCDPNUBLVNBLVNFTFSWJDFFYQPTFPQFSBUPS αʔϏε໊ namespace υϝΠϯ Custom Resource
։ൃܦҢ
։ൃܦҢ w 8FCΞϓϦέʔγϣϯΛෳӡ༻͍ͯͯ͠ɺ։ൃؔऀ໊Ҏ্͍ Δ w 1VMM3FRVFTUຖͷϓϨϏϡʔڥΛLVCFSOFUFT্Ͱ࣮ߦ͍ͨ͠ w 1VMM3FRVFTU͕࡞͞ΕͨΒɺઐ༻ͷڥ্ཱ͕͕ͪΔ w ݱࡏͭͷTUBHJOHڥΛ։ൃऀͰڞ༗͍ͯ͠Δ
w σϓϩΠͷखؒ w ར༻ऀͷڝ߹ എܠ
kubernetes cluster app repo system manifests repo Pull Request Github
Actions ArgoCD Config ArgoCD Github Actions ArgoCD Config Pod Ingress Namespace: app-pr-XXX 1.PRͷ࡞ 2.PRͷϒϥϯνΛ kubernetesΫϥελʹ σϓϩΠ͢ΔͨΊͷ ArgoCDͷઃఆΛੜ commit Service 3.ArgoCDͷ ઃఆՃΛݕ 4.ArgoCDͷઃఆΛ σϓϩΠ 5.PRͷϒϥϯνͷ σϓϩΠΛ։࢝ dispatch argocd-util ίϚϯυͰੜ ʲ1VMM3FRVFTUຖͷϓϨϏϡʔڥʳ ArgoCDGithub ActionsΛ׆༻ͯ͠Pull ReqτϦΨʔͰGitOpsͰϓϨϏϡʔڥΛੜ͍ͯ͠Δ 6.PRͷϒϥϯνͷ ϓϨϏϡʔڥ͕࡞ΒΕΔ 7. external-dnsͰAϨίʔυ, cert-managerͰTLSূ໌ॻΛ ࣗಈઃఆ
!"" main.go #"" manifests !"" base $ !"" kustomization.yaml $
!"" app.deployment.yaml $ #"" app.service.yaml #"" overlays !"" production $ !"" kustomization.yaml $ #"" app.ingress.yaml #"" staging !"" kustomization.yaml #"" app.ingress.yaml apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: app-pr-XXX spec: destination: namespace: app-pr-XXX server: https://kubernetes.default.svc source: path: manifests/overlays/staging repoURL: https://github.com/takumakume/app targetRevision: future-branch syncPolicy: syncOptions: - CreateNamespace=true ֤ڥͷmanifestsΛkustomizeͰཧ͍ͯ͠Δ #"" staging !"" kustomization.yaml #"" app.ingress.yaml Pull RequestຖʹNamespaceΛͬͯ stagingڥͷෳΛ࡞͍ͬͯΔ app-pr-XXX ʲ1VMM3FRVFTUຖͷϓϨϏϡʔڥʳ app repo
։ൃܦҢ ٕज़త՝ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: app-ingress
namespace: app spec: rules: - host: staging-app.example.com http: paths: - backend: service: name: app-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - staging-app.example.com secretName: app-tls staging-app.example.com staging-app.example.com w ڥͷෳ࡞Εͯɺ*OHSFTTͷϗετ ໊෦Λม͑Δ͜ͱ͕Ͱ͖ͳ͍ɻ w LVTUPNJ[Fͷ+40/1BUDIػೳɺZRίϚ ϯυͳͲͰஔͭͭ͠ద༻͢Δ͜ͱͰ ͖Δ͕ཧ͕ࡶʹͳΔɻʢܦݧࡁʣ w ద༻લͰNBOJGFTUTΛॻ͖࣮͑ͭͭ ߦ͢Δͱ(JU0QTʹΑΔԸܙ͕ബΕΔɻ ίί ίί
։ൃܦҢ ࣮ํ w (JU0QT͕Ͱ͖Δ͜ͱ w એݴతͰ͋Δ͜ͱ w ϓϨϏϡʔڥʹΞΫηε͢ΔͨΊͷϗετ໊ΛͲ͏͢Δ͔ʁ w
LVCFSOFUFTͷ4FSWJDF%JTDPWFSZ w 4&37*$&@/".&/".&"1"$&TWDDMVTUFSMPDBM w *OHSFTTͰ࣮ݱͰ͖ΔͱศརͰͳ͍͔
apiVersion: service-expose.../v1alpha1 kind: ServiceExpose metadata: name: example namespace: ns1 spec:
backend: service: name: example-svc port: number: 8080 domain: example.com path: / pathType: Prefix tlsEnable: true tlsSecretName: example-tls annotations: cert-manager.io/cluster-issuer: letsencrypt apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example namespace: ns1 annotations: cert-manager.io/cluster-issuer: letsencrypt spec: rules: - host: example-svc.ns1.example.com http: paths: - backend: service: name: example-svc port: number: 8080 path: / pathType: Prefix tls: - hosts: - example-svc.ns1.example.com secretName: example-tls backend: service: name: example-svc port: number: 8080 example-svc ns1 example.com example-svc ns1 example.com example-svc ns1 example.com ެ։͢Δ Service αʔϏεσΟεΧόϦతͳ ϗετ໊ΛࣗಈͰ༩ αʔϏε໊ namespace υϝΠϯ ࠶ܝ
kubernetes cluster app repo system manifests repo Pull Request Github
Actions ArgoCD Config ArgoCD Github Actions ArgoCD Config Pod Namespace: app-pr-XXX 1.PRͷ࡞ 2.PRͷϒϥϯνΛ kubernetesΫϥελʹ σϓϩΠ͢ΔͨΊͷ ArgoCDͷઃఆΛੜ commit Service 3.ArgoCDͷ ઃఆՃΛݕ 4.ArgoCDͷઃఆΛ σϓϩΠ 5.PRͷϒϥϯνͷ σϓϩΠΛ։࢝ 6.PRͷϒϥϯνͷ ϓϨϏϡʔڥ͕࡞ΒΕΔ dispatch argocd-util ίϚϯυͰੜ Service Expose ੜ app.app-pr-XXX.example.com Ingress 7. external-dnsͰAϨίʔυ, cert-managerͰTLSূ໌ॻΛ ࣗಈઃఆ ServiceExposeͷΈσϓϩΠ͢Δ͜ͱͰIngressࣗಈੜ͞ΕΔ
(PʹΑΔ0QFSBUPSͷ࣮
(PʹΑΔ0QFSBUPS࣮ w ࣮खஈ w IUUQTLVCFSOFUFTJPEPDTDPODFQUTFYUFOELVCFSOFUFTPQFSBUPS w 0QFSBUPS'SBNFXPSL w $/$'*ODVCBUJOH1SPKFDU
w (PΛ༻͍࣮ͨʹ͓͍ͯ෦ͰLVCFCVJMEFSΛར༻͍ͯ͠Δ
0QFSBUPS'SBNFXPSL w 0QFSBUPS4%, w LVCFSOFUFT"1*ʹਂ͍͕ࣝͳͯ͘ɺϩδοΫʹूதͰ͖ΔΑ͏ ʹӅณͯ͘͠Ε͍ͯΔ w ίʔυδΣωϨʔλʔ w
ςετ w ύοέʔδϯά
0QFSBUPS'SBNFXPSL w ࣮ʹ͋ͨͬͯͬͨ͜ͱ w 0QFSBUPS'SBNFXPSLͷެࣜυΩϡϝϯτ͕ॆ࣮͍ͯ͠ΔͷͰɺج ຊతʹͦ͜Λࢀর͢Δ IUUQTTELPQFSBUPSGSBNFXPSLJPEPDTCVJMEJOHPQFSBUPSTHPMBOH w
ͨ·ʹࡌ͍ͬͯͳ͍߹͕͋ΔͷͰɺLVCFCVJMEFSͷެࣜυΩϡϝ ϯτͰิ͢Δ IUUQTCPPLLVCFCVJMEFSJP w ϕετϓϥΫςΟεͷ࣮ફ IUUQTTELPQFSBUPSGSBNFXPSLJPEPDTCFTUQSBDUJDFTCFTUQSBDUJDFT
w 3FDPODJMFS-PPQͷ࣮͕ϝΠϯ w ྫɿʮ1PEΛݸ࣮ߦ͢Δʯͱఆٛ͢Εͦͷঢ়ଶʹऩଋ͢Δಈ͖ (PʹΑΔ0QFSBUPS࣮ Observe Diff Action ঢ়ଶΛऔಘ
ࠩΛݕग़ ࠩͷमਖ਼
w TFSWJDFFYQPTFPQFSBUPSͷ3FDPODJMFS-PPQ (PʹΑΔ0QFSBUPS࣮ Observe Diff Action - ੜ͖͢IngressͷSpecʁ -
ੜ͖͢Ingressͱݱࡏͷ Ingressͷࠩͳʹ͔ʁ - ࠩΛຒΊΔͨΊʹIngressͷ Create/Update/DeleteΛ࣮ߦ
w ςετ (PʹΑΔ0QFSBUPS࣮ ServiceExpose ঢ়ଶऔಘ Ingress ଘࡏ͢Δ͔ʁ Ingressͷ Ξοϓσʔτ
ඞཁ͔ʁ Ingress ੜ Ingress Ξοϓσʔτ Y Y N N Reconciler Loop w ্هͷΑ͏ʹ0QFSBUPSঢ়ଶભҠ͕ൃੜ͢Δɻ w ͋ΒΏΔύλʔϯͰ3FDPODJMFS-PPQ͕ႈʹͳΔΑ͏ʹςετ͠ ͍ͨɻ
w 0QFSBUPS4%,͕ҎԼͷπʔϧΛ༻͍ͯৼΔ͍ςετͷ࣮ߦڥΛ ఏڙ͍ͯ͠Δ w FOWUFTUDPOUSPMMFSSVOUJNFͷύοέʔδͰɺςετ༻ͷ LVCFSOFUFTDPOUSPMQMBOFΛఏڙ͢Δ w HJOLHP(PMBOHͷ#%%ςετϑϨʔϜϫʔΫ w
HPNFHB(PMBOHͷ.BUDIFS-JCSBSZ HJOLHPͱηοτͰ͏ (PʹΑΔ0QFSBUPS࣮
w ྫ͑ɺ4FSWJDF&YQPTF$VTUPN3FTPVSDF͕σϓϩΠ͞Εͨ͋ͱʹɺ 4UBUVT͕3FBEZʹભҠ͢ΔͷΛͪɺ*OHSFTT͕ੜͰ͖͍ͯΔ͔ͱ͍ ͏ςετ͕ॻ͚Δɻ (PʹΑΔ0QFSBUPS࣮
ॴײ
w (JU0QTͰΧόʔͰ͖ͳ͔ͬͨҰ෦ͷΛΓग़ͯ͠0QFSBUPSͱ͍ ͏ख๏ͰղܾͰ͖ͨɻ w ϓϨϏϡʔڥͷੜશମΛ0QFSBUPSͱ࣮ͯ͢͠Δ͜ͱߟ͑ ͕ͨɺιϑτΣΞΛγϯϓϧʹอͭ΄͏͕ྑ͍ͱߟ͑ͨɻ w (PͰ0QFSBUPSΛ࣮͢Δ্Ͱ0QFSBUPS4%,Λ͕ͬͨɺϩδοΫ ʹूதͰ͖ͯศརͩͬͨɻ
w (Pͱ͍͑ςʔϒϧۦಈςετΛΑ͘͏͕ɺঢ়ଶભҠΛςετ͢ Δ্Ͱ#%%ศརͩͬͨɻ ॴײ