Blog | 김천규

k8s pod CKA

March 3, 2025 · 2 min read

cka-exam'이라는 namespace를 만들고, 'cka-exam' namespace에 아래와 같은 Pod를 생성하시오. • pod Name: pod-01 • image: busybox • 환경변수 : CERT = "CKA-cert" • command: /bin/sh • args: -c "while true; do echo $(CERT); sleep 10;done"

// 네임스페이스 변경
$ kubectl config set-context --current --namespace=네임스페이스

// 네임스페이스 조회
$ kubectl config get-contexts

https://stackoverflow.com/questions/55373686/how-to-switch-namespace-in-kubernetes

static pod

API 서버 없이 특정 노드에 있는 kubelet 에 의해 직접 관리 /etc/kubernetes/manifests/ 디렉토리에 pod yaml 파일을 저장 시 적용됨

 static pod 디렉토리 구성
# cat /var/lib/kubelet/config.yaml
…
staticPodPath: /etc/kubernetes/manifests

/etc/kubernetes/manifests에 yaml 추가 시 pod 생성, yaml 파일 삭제 시 Pod 삭제 (자동으로)

multi-container

sidecar-container

sidecar

기본 컨테이너 기능을 확장하기 위해 사용 본래의 컨테이너는 기본 서비스에 충실하고, 추가 기능을 별도의 컨테이너를 이용해 적용

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: alpine:latest
          command:
            [
              "sh",
              "-c",
              'while true; do echo "logging" >> /opt/logs.txt; sleep 1; done',
            ]
          volumeMounts:
            - name: data
              mountPath: /opt
      initContainers:
        - name: logshipper
          image: alpine:latest
          restartPolicy: Always
          command: ["sh", "-c", "tail -F /opt/logs.txt"]
          volumeMounts:
            - name: data
              mountPath: /opt
      volumes:
        - name: data
          emptyDir: {}

https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/

k8s kind

March 2, 2025 · 2 min read

kind 설치하기
kind 멀티노드 설치

kind 설치하기

brew install kind
brew install kubectl

kind create cluster --name k8s-cluster
kubectl cluster-info --context k8s-cluster

kind 멀티노드 설치

cat > kind-config.yaml <<EOF
# three node (two workers) cluster config
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
EOF

kind create cluster --name k8s-playground --config kind-config.yaml

kind get clusters

kind get kubeconfig --name k8s-cluster

% kubectl cluster-info
Kubernetes control plane is running at https://127.0.0.1:49388
CoreDNS is running at https://127.0.0.1:49388/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

% kubectl config get-contexts
CURRENT   NAME               CLUSTER            AUTHINFO           NAMESPACE
*         kind-k8s-cluster   kind-k8s-cluster   kind-k8s-cluster

% kubectl get services
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   4m42s

% kubectl get  nodes
NAME                        STATUS   ROLES           AGE   VERSION
k8s-cluster-control-plane   Ready    control-plane   5m    v1.32.0

% kubectl get pod
No resources found in default namespace.

% kubectl get namespaces
NAME                 STATUS   AGE
default              Active   5m45s
kube-node-lease      Active   5m45s
kube-public          Active   5m45s
kube-system          Active   5m45s
local-path-storage   Active   5m41s

Reference

https://mcvidanagama.medium.com/set-up-a-multi-node-kubernetes-cluster-locally-using-kind-eafd46dd63e5

JVM

February 24, 2025 · 3 min read

Java Source : 사용자가 작성한 Java 코드

Java Compiler : Java Source 파일을 JVM이 해석할 수 있는 Java Byte Code로 변경

Java Byte Code : Java Compiler에 의해 수행될 결과물 (.class 파일)

Execution Engine : Loading 된 클래스의 Bytecode를 해석

Runtime Data Area: : JVM이라는 프로세스가 프로그램을 수행하기 위해 OS에서 할당 받은 메모리 공간

Method Area: 클래스, 변수, Method, static 변수, 상수 정보 등이 저장되는 영역

Heap Area: new 명령어로 생성된 인스턴스와 객체가 저장되는 구역 (GC는 이 영역에서 수행. 모든 Thead 공유)

Stack Area: Method 내에서 사용되는 값들 (매개변수,지역변수,리턴값 등) 이 저장되는 구역. 메소드 호출될 때 LIFO로 하나씩 생성. 메소드 실행이 완료되면 LIFO로 하나씩 지워짐 (각 Thread별로 하나씩 생성)

Pc Register: CPU의 레지스터와 역할이 비슷. 현재 수행 중인 JVM 명령의 주소 값이 저장

Native Method Stack: 다른 언어(C/C++ 등)의 메소드 호출을 위해 할당되는 구역으로 언어에 맞게 Stack이 형성

Java Heap

Hotspot JVM

GC

명시적인 메모리 해제보다 느림 GC 순간 발생하는 Suspend Time으로 인해 다양한 문제 야기

Root Set의 광의적 개념으로서

Root Set에서 어떤 식으로든 Reference 관계가 있으면 Reaable Object라고 하며 이를 현재 사용되는 Object로 판단

Local variable Section, Operand Stack에 Object의 Reference 정보가 있다면 Reachable Object이다

Methoad Aread에 로딩된 클래스 중 contant pool에 있는 Refence 정보를 토대로 Thread에서 직접 참조하진 않지만 constant pool을 통해 간접 link를 하고 있는 Object는 Reachable Object이다.

아직 Memory에 남아 있으며 Native Method Area로 넘겨진 Object는 Reachable Object이다.

GC Fragment

메모리 Compaction

GC 튜닝

Terraform

February 17, 2025 · 5 min read

DevOps 철학

문화(Culture) - 하나의 문화를 만들어 나가기
자동화(Automation) - 자동화를 통해 효율성과 빠른 속도를 지향하기
측정(Measurement) - 지표를 측정하여 지속적으로 개선하기
공유(Share) - 공유를 통한 발전
축적(File Up & Pile Up) - 기록을 축적하고 더욱 개선하기

lifecycle

create_before_destory : 리소스 수정 시 신규 리소스를 우선 생성하고 기존 리소스를 삭제
prevent_destroy: 해당 리소스를 삭제하려 할 때 명시적으로 거부
ignore_changes : 리소스 요소에 선언된 인수의 변경 사항을 테라폼 실행 시 무시
precondition : 리스트 요소에 선언된 인수의 조건을 검증
postcondition: Plan과 Apply 이후의 결과를 속성 값으로 검증

homebrew 설치 권한 이슈

https://stackoverflow.com/questions/16432071/how-to-fix-homebrew-permissions

As Homebrew does not drop privileges on installation you would be giving all
build scripts full access to your system.
keke@MacBookPro ~ % sudo chown -R $(whoami) $(brew --prefix)/\*

terraform upgrade 1.2.3 -> 1.10.0

keke@MacBookPro ~ % brew upgrade terraform
==> Auto-updating Homebrew...
Adjust how often this is run with HOMEBREW_AUTO_UPDATE_SECS or disable with
HOMEBREW_NO_AUTO_UPDATE. Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
==> Downloading https://ghcr.io/v2/homebrew/portable-ruby/portable-ruby/blobs/sha256:d9faa506c014dedc0b034a68103ba75c9a58242f4d6c67b6ca0f649c39602bcf
######################################################################### 100.0%
==> Pouring portable-ruby-3.3.7.arm64_big_sur.bottle.tar.gz
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/services).
No changes to formulae or casks.

==> Upgrading 1 outdated package:
terraform 1.2.3 -> 1.5.7
Warning: terraform has been deprecated because it changed its license to BUSL on the next release! It will be disabled on 2025-04-04.
==> Downloading https://ghcr.io/v2/homebrew/core/terraform/manifests/1.5.7-1
######################################################################### 100.0%
==> Fetching terraform
==> Downloading https://ghcr.io/v2/homebrew/core/terraform/blobs/sha256:87e8faf4
######################################################################### 100.0%
==> Upgrading terraform
  1.2.3 -> 1.5.7
==> Pouring terraform--1.5.7.arm64_sequoia.bottle.1.tar.gz
==> Caveats
We will not accept any new Terraform releases in homebrew/core (with the BUSL license).
The next release changed to a non-open-source license:
https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license
See our documentation for acceptable licences:
  https://docs.brew.sh/License-Guidelines
==> Summary
🍺  /opt/homebrew/Cellar/terraform/1.5.7: 7 files, 62.3MB
==> Running `brew cleanup terraform`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
Removing: /opt/homebrew/Cellar/terraform/1.2.3... (6 files, 66.2MB)
==> `brew cleanup` has not been run in the last 30 days, running now...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
Removing: /Users/keke/Library/Caches/Homebrew/act_bottle_manifest--0.2.61... (7.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/aom_bottle_manifest--3.9.1... (21.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/aom--3.9.1... (3.8MB)
Removing: /Users/keke/Library/Caches/Homebrew/boost_bottle_manifest--1.85.0... (30.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/boost--1.85.0... (94MB)
Removing: /Users/keke/Library/Caches/Homebrew/c-ares_bottle_manifest--1.33.0... (7.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/c-ares--1.33.0... (266.5KB)
Removing: /Users/keke/Library/Caches/Homebrew/ca-certificates_bottle_manifest--2024-07-02... (1.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/ca-certificates--2024-07-02... (129.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/edencommon_bottle_manifest--2024.08.12.00... (24.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/edencommon--2024.08.12.00... (420.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/fb303_bottle_manifest--2024.08.12.00... (23.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/fb303--2024.08.12.00... (732KB)
Removing: /Users/keke/Library/Caches/Homebrew/fbthrift_bottle_manifest--2024.08.12.00... (23.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/fbthrift--2024.08.12.00... (5MB)
Removing: /Users/keke/Library/Caches/Homebrew/fizz_bottle_manifest--2024.08.12.00... (20.6KB)
Removing: /Users/keke/Library/Caches/Homebrew/fizz--2024.08.12.00... (993.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/folly_bottle_manifest--2024.08.12.00... (19.5KB)
Removing: /Users/keke/Library/Caches/Homebrew/folly--2024.08.12.00... (6.3MB)
Removing: /Users/keke/Library/Caches/Homebrew/fribidi_bottle_manifest--1.0.15... (7.5KB)
Removing: /Users/keke/Library/Caches/Homebrew/fribidi--1.0.15... (141.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/gdbm_bottle_manifest--1.24... (7.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/gdbm--1.24... (272.6KB)
Removing: /Users/keke/Library/Caches/Homebrew/gdk-pixbuf_bottle_manifest--2.42.12... (22.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/gdk-pixbuf--2.42.12... (766.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/giflib_bottle_manifest--5.2.2... (7.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/giflib--5.2.2... (149.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/git_bottle_manifest--2.46.0... (15.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/glib_bottle_manifest--2.80.4... (23.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/glib--2.80.4... (8.5MB)
Removing: /Users/keke/Library/Caches/Homebrew/gnutls_bottle_manifest--3.8.4... (17.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/gnutls--3.8.4... (3.0MB)
Removing: /Users/keke/Library/Caches/Homebrew/gradle_bottle_manifest--8.10... (37.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/gradle--8.10... (189.1MB)
Removing: /Users/keke/Library/Caches/Homebrew/graphviz_bottle_manifest--12.1.0... (54.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/graphviz--12.1.0... (2.9MB)
Removing: /Users/keke/Library/Caches/Homebrew/harfbuzz_bottle_manifest--9.0.0... (31.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/harfbuzz--9.0.0... (2.5MB)
Removing: /Users/keke/Library/Caches/Homebrew/highway_bottle_manifest--1.2.0... (7.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/highway--1.2.0... (733.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/jasper_bottle_manifest--4.2.4... (8.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/jasper--4.2.4... (465.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/jenv_bottle_manifest--0.5.7... (1.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/jenv--0.5.7... (22.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/jpeg-turbo_bottle_manifest--3.0.3... (7.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/jpeg-turbo--3.0.3... (1.1MB)
Removing: /Users/keke/Library/Caches/Homebrew/jpeg-xl_bottle_manifest--0.10.3... (23.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/jpeg-xl--0.10.3... (11.9MB)
Removing: /Users/keke/Library/Caches/Homebrew/kotlin_bottle_manifest--2.0.10... (5.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/kotlin--2.0.10... (79.8MB)
Removing: /Users/keke/Library/Caches/Homebrew/libavif_bottle_manifest--1.1.1... (22.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/libavif--1.1.1... (195.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/libnghttp2_bottle_manifest--1.61.0... (7.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/libnghttp2--1.61.0... (224.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/librsvg_bottle_manifest--2.58.2... (37.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/librsvg--2.58.2... (14.8MB)
Removing: /Users/keke/Library/Caches/Homebrew/libslirp_bottle_manifest--4.8.0... (17.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/libslirp--4.8.0... (148.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/libsodium_bottle_manifest--1.0.20... (7.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/libsodium--1.0.20... (309.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/libssh_bottle_manifest--0.11.0... (9.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/libx11_bottle_manifest--1.8.10... (15KB)
Removing: /Users/keke/Library/Caches/Homebrew/libx11--1.8.10... (2.1MB)
Removing: /Users/keke/Library/Caches/Homebrew/libxcb_bottle_manifest--1.17.0... (15.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/libxcb--1.17.0... (977.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/llvm_bottle_manifest--18.1.8... (38.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/llvm--18.1.8... (481.2MB)
Removing: /Users/keke/Library/Caches/Homebrew/mvfst_bottle_manifest--2024.08.12.00... (20.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/mvfst--2024.08.12.00... (1.6MB)
Removing: /Users/keke/Library/Caches/Homebrew/ncurses_bottle_manifest--6.5... (11.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/ncurses--6.5... (2.4MB)
Removing: /Users/keke/Library/Caches/Homebrew/netpbm_bottle_manifest--11.02.09... (13.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/netpbm--11.02.09... (1.7MB)
Removing: /Users/keke/Library/Caches/Homebrew/nettle_bottle_manifest--3.10... (8.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/nettle--3.10... (970.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/node_bottle_manifest--22.6.0... (18.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/node--22.6.0... (19.8MB)
Removing: /Users/keke/Library/Caches/Homebrew/openexr_bottle_manifest--3.2.4... (8.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/openexr--3.2.4... (1.9MB)
Removing: /Users/keke/Library/Caches/Homebrew/openjdk_bottle_manifest--22.0.2... (38.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/openjdk--22.0.2... (190.3MB)
Removing: /Users/keke/Library/Caches/Homebrew/openjdk@17_bottle_manifest--17.0.12... (38.6KB)
Removing: /Users/keke/Library/Caches/Homebrew/openjdk@21_bottle_manifest--21.0.4... (38.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/openjdk@21--21.0.4... (191.7MB)
Removing: /Users/keke/Library/Caches/Homebrew/openssl@1.1_bottle_manifest--1.1.1w... (10.9KB)
Removing: /Users/keke/Library/Caches/Homebrew/openssl@3_bottle_manifest--3.3.1... (9.2KB)
Removing: /Users/keke/Library/Caches/Homebrew/openssl@3--3.3.1... (9.5MB)
Removing: /Users/keke/Library/Caches/Homebrew/p11-kit_bottle_manifest--0.25.5-1... (10.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/p11-kit--0.25.5... (874.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/pango_bottle_manifest--1.54.0... (32.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/pango--1.54.0... (817KB)
Removing: /Users/keke/Library/Caches/Homebrew/pcre2_bottle_manifest--10.44... (8.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/pcre2--10.44... (2MB)
Removing: /Users/keke/Library/Caches/Homebrew/pyenv_bottle_manifest--2.4.10... (26.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/python@3.10_bottle_manifest--3.10.14_1... (25.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/python@3.10--3.10.14_1... (14.1MB)
Removing: /Users/keke/Library/Caches/Homebrew/python@3.11_bottle_manifest--3.11.9_1... (24.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/python@3.12_bottle_manifest--3.12.5... (24.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/python@3.12--3.12.5... (15.5MB)
Removing: /Users/keke/Library/Caches/Homebrew/qemu_bottle_manifest--9.0.2... (53.6KB)
Removing: /Users/keke/Library/Caches/Homebrew/qemu--9.0.2... (104.4MB)
Removing: /Users/keke/Library/Caches/Homebrew/ruby_bottle_manifest--3.3.4... (16.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/snappy_bottle_manifest--1.2.1... (7.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/snappy--1.2.1... (45.3KB)
Removing: /Users/keke/Library/Caches/Homebrew/sqlite_bottle_manifest--3.46.1... (8.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/sqlite--3.46.1... (2.2MB)
Removing: /Users/keke/Library/Caches/Homebrew/unbound_bottle_manifest--1.21.0... (14.5KB)
Removing: /Users/keke/Library/Caches/Homebrew/unbound--1.21.0... (2.8MB)
Removing: /Users/keke/Library/Caches/Homebrew/virtualenv_bottle_manifest--20.26.3... (15.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/wangle_bottle_manifest--2024.08.12.00... (21.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/wangle--2024.08.12.00... (836.0KB)
Removing: /Users/keke/Library/Caches/Homebrew/watchman_bottle_manifest--2024.08.12.00... (32.6KB)
Removing: /Users/keke/Library/Caches/Homebrew/watchman--2024.08.12.00... (3.5MB)
Removing: /Users/keke/Library/Caches/Homebrew/webp_bottle_manifest--1.4.0... (14.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/webp--1.4.0... (874.8KB)
Removing: /Users/keke/Library/Caches/Homebrew/xorgproto_bottle_manifest--2024.1... (14.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/xorgproto--2024.1... (699.7KB)
Removing: /Users/keke/Library/Caches/Homebrew/xz_bottle_manifest--5.6.2... (9.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/xz--5.6.2... (569KB)
Removing: /Users/keke/Library/Caches/Homebrew/z3_bottle_manifest--4.13.0... (7.4KB)
Removing: /Users/keke/Library/Caches/Homebrew/z3--4.13.0... (12.2MB)
Removing: /Users/keke/Library/Caches/Homebrew/zstd_bottle_manifest--1.5.6... (9.1KB)
Removing: /Users/keke/Library/Caches/Homebrew/zstd--1.5.6... (758.6KB)
Removing: /Users/keke/Library/Caches/Homebrew/portable-ruby-3.3.4_1.arm64_big_sur.bottle.tar.gz... (11.1MB)
Removing: /Users/keke/Library/Logs/Homebrew/gdk-pixbuf... (208B)
Removing: /Users/keke/Library/Logs/Homebrew/python@3.12... (2 files, 2KB)
Removing: /Users/keke/Library/Logs/Homebrew/glib... (64B)
Removing: /Users/keke/Library/Logs/Homebrew/openssl@3... (64B)
Removing: /Users/keke/Library/Logs/Homebrew/ca-certificates... (64B)
Removing: /Users/keke/Library/Logs/Homebrew/librsvg... (197B)
Removing: /Users/keke/Library/Logs/Homebrew/python@3.10... (2 files, 2.5KB)
Removing: /Users/keke/Library/Logs/Homebrew/node... (64B)
Removing: /Users/keke/Library/Logs/Homebrew/unbound... (64B)
Removing: /Users/keke/Library/Logs/Homebrew/gnutls... (64B)

AWS

February 6, 2025 · 3 min read

S3 암호화

SSE-S3: S3가 소유한 키로 암복호화
SSE-KMS (Key Management service) : KMS 내 키로 암호화화
SSE-C : 키가 AWS 외부에 위치
클라이언트 측 암호화

S3 암호화 전송을 강제하려면 -> 정책을 수정 { aws:SecureTransport: false } 추가

S3 CORS 설정 가능

S3 MFA Delete

S3 Access Logs - Audit (감사)

S3 pre-signed urls : 퍼블릭이 아닌 s3에서 업로드, 다운로드가 가능한 url을 임시로 만들고 그 url로 수행

Glacier(글리시어)

S3 객체 잠금 (S3 Object Lock)

버킷 내의 모든 객체를 잠금

규정 준수 모드 : 덮어쓰거나 삭제 불가
거버넌스 보존 모드 : 관리자나 일부 사용자 IAM 권한으로 객체를 변경/삭제 가능
법적 보존 : 영구적 보존

S3 액세스 포인트

S3 객체에 접근할 때 각각의 액세스 포인트에 특정 경로를 정의하고 그 객체만 접근 가능

CloudFront (CDN)

CloudFront Origins :

S3
Custom Origin(HTTP) S3 website, ec2, ALB, any http server

CloudFront - S3 :

Geo Restriction (지리적 제한)

AWS Global Accelerator

캐시가 아닌 가장 응답이 빠른 리전의 서비스 애플리케이션으로 트래픽 전송

AWS SQS

Message Queue

visivility time : (한 소비자가) 대기열에서 수신한 메시지가 다른 메시지 소비자에게 보이지 않게 되는 시간을 설정

Long Polling : 한 번에 많은 메세지를 가져오기 위함. 빈 응답 수(ReceiveMessage 요청에 사용할 수 있는 메시지가 없는 경우)와 잘못된 빈 응답(메시지를 사용할 수 있지만 응답에 포함되지 않은 경우)을 제거하여 Amazon SQS 사용 비용을 줄이는 데 도움

AWS SNS

producer/consumer pub/sub

tobic 발행 (카프카랑 비슷??)

SNS + SQS : Fan Out 패턴

Kinesis (키네시스)

실시간 스트리밍 데이터

Kinesis Data Stream
Kinesis Data Firehose
Kinesis Data Analytics
Kinesis + SQS FIFO

ECS

Launch EC2 type: EC2 내 docker 에이전트 기반으로 실행
Fragate : serverless 방식

AWS

February 5, 2025 · 3 min read

AWS EC2 배포그룹

배치 그룹(Placement groups)

클러스터(Cluster)

클러스터 전략은 인스턴스간 물리적 거리가 극도로 짧기 때문에 네트워크 성능을 최대한 끌어올릴 수 있다는 장점이 있습니다.

그러나 한 랙에 문제가 생기면 모든 인스턴스들에 문제가 생길 수 있다는 치명적인 위험이 존재

분산(Spread)

분산(Spread) 전략은 랙 당 하나의 인스턴스를 배치하고, 여러 AZ에 분산해 배치하는 전략

파티션(Partition)

파티션(partition) 전략은 클러스터 전략과 분산 전략의 장점

ENI 탄력적 네트워크 인터페이스

AWS 인스턴스 스토리지

EBS == network drive

ec2에서 분리 및 다른 ec2에 연결 가능

AZ 간에 이동은 불가능

gp2, gp3 : 낮은 지연성, SSD
io1, io2 : 고사양
st1, st2 : HDD

EBS 다중 연결 (io1, io2)

AWS ELB

ALB - L7 NLB - L4 GWLB - L3

X-FORWARD-FOR, X-FORWARD-PORT : 로드벨런서가 클라이언트가 요청하는 정보를 해더에 기록

Sticky Session 쿠키를 기반으로 요청하는 인스턴스 고정하는 방법

크로스존 로드벨런싱 (Cross Zone Load Balancer)

ACM (AWS Certificate Manager)

ELB와 연결된 EC2가 종료될때 연결 드레이닝 (Connection Draing) 수행 (바로 종료되는게 아니라 기존에 요청 온 응답을 전부 수행 후 종료)

Auto Scaling Group

Dynamic scaling: 동적 스케일링 Schedule scaling: 시간 기준으로 스케일링 Predictive scaling : 예측 모델 기반으로 스케일링

스케일의 기준

CPU지표
요청횟수
평균 네트워크 in/out
custom metric

Scaling Cooldown

쿨다운시간 동안 인스턴스를 만들거나 삭제하지 않음
쿨다운시간을 줄여 보다 빠르게 업데이트 되게 설정

AWS

February 4, 2025 · One min read

aws cli 설치

https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/getting-started-install.html

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg ./AWSCLIV2.pkg -target /

% which aws
/usr/local/bin/aws
% aws --version
aws-cli/2.23.12 Python/3.12.6 Darwin/23.6.0 exe/x86_64

액세스키 설정

aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: ap-northeast-2
Default output format [None]:

aws sam-cli 설치

AWS Serverless Application Model(AWS SAM)은 코드형 인프라(IaC)를 사용하여 서버리스 애플리케이션을 빌드하기 위한 오픈 소스 프레임워크

AWS SAM의 간편 구문을 사용하여 배포 중에 인프라로 변환되는 AWS CloudFormation 리소스와 특수한 서버리스 리소스를 선언

https://docs.aws.amazon.com/ko_kr/serverless-application-model/latest/developerguide/install-sam-cli.html

terraform

February 4, 2025 · 2 min read

terraform 설치하기

https://developer.hashicorp.com/terraform/install?product_intent=terraform

terraform workflow

Terraform 주요 특징

Infrastructure as Code 정의한 코드를 쉽게 공유할 수 있어 효율적으로 협업 가능
Execution Plan 변경 계획과 변경 적용을 분리하여 변경 내용을 적용할 때 발생할 수 있는 실수를 줄일 수 있음
Resource Graph 사소한 변경이 인프라 전체에 어떤 영향을 미칠지 미리 확인 종속성 그래프를 작성하여 이 그래프를 바탕으로 계획을 세우고, 이 계획을 적용했을 때 변경되는 인프라 상태를 확인
Change Automation 여러 장소에 같은 구성의 인프라를 구축하고 변경할 수 있도록 자동화할 수 있습니다. 인프라를 구축하는 데 드는 시간을 절약할 수 있고, 실수도 줄일 수 있습니다.

쿠버네티스 오토스케일링

February 3, 2025 · One min read

% kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

% kubectl apply -f php-apache.yaml
deployment.apps/php-apache created
service/php-apache created

% kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=10
horizontalpodautoscaler.autoscaling/php-apache autoscaled

 % kubectl get hpa
NAME         REFERENCE               TARGETS       MINPODS   MAXPODS   REPLICAS   AGE
php-apache   Deployment/php-apache   cpu: 0%/50%   1         10        1          119s

kubectl run -i --tty load-generator --rm --image=busybox --restart=Never -- /bin/sh -c "while sleep 0.01; do wget -q -o- http://php-apache; done"

% kubectl get deployment php-apache
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
php-apache   6/6     6            6           5m16s

쿠버네티스 모니터링

February 3, 2025 · 5 min read

$ kubectl create ns monitoring
namespace/monitoring created

프로메테우스가 k8s API에 접근할 수 있는 권한을 부여하기 위해 ClusterRole 생성

% kubectl apply -f prometheus-cluster-role.yaml 
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created

apiVersion: rbac.authorization.k8s.io/v1    
kind: ClusterRole
metadata:
  name: prometheus
  namespace: monitoring
rules:
- apiGroups: [""]
  resources:    
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1    
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: default
  namespace: monitoring

프로메테우스에서 수집할 지표를 정의 configMap

% kubectl apply -f prometheus-config-map.yaml 
configmap/prometheus-server-conf created

apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-server-conf
  labels:
    name: prometheus-server-conf
  namespace: monitoring
data:
  prometheus.rules: |-    
    groups:
    - name: container memory alert
      rules:
      - alert: container memory usage rate is very high( > 55%)
        expr: sum(container_memory_working_set_bytes{pod!="", name=""})/ sum (kube_node_status_allocatable_memory_bytes) * 100 > 55
        for: 1m
        labels:
          severity: fatal
        annotations:
          summary: High Memory Usage on
          identifier: ""
          description: " Memory Usage: "
    - name: container CPU alert
      rules:
      - alert: container CPU usage rate is very high( > 10%)
        expr: sum (rate (container_cpu_usage_seconds_total{pod!=""}[1m])) / sum (machine_cpu_cores) * 100 > 10
        for: 1m
        labels:
          severity: fatal
        annotations:
          summary: High Cpu Usage
  prometheus.yml: |-    
    global:
      scrape_interval: 5s
      evaluation_interval: 5s
    rule_files:
      - /etc/prometheus/prometheus.rules
    alerting:
      alertmanagers:
      - scheme: http
        static_configs:
        - targets:
          - "alertmanager.monitoring.svc:9093"
    scrape_configs:
      - job_name: 'kubernetes-apiservers'
        kubernetes_sd_configs:
        - role: endpoints
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        relabel_configs:
        - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
          action: keep
          regex: default;kubernetes;https
      - job_name: 'kubernetes-nodes'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
        - role: node
        relabel_configs:
        - action: labelmap
          regex: __meta_kubernetes_node_label_(.+)
        - target_label: __address__
          replacement: kubernetes.default.svc:443
        - source_labels: [__meta_kubernetes_node_name]
          regex: (.+)
          target_label: __metrics_path__
          replacement: /api/v1/nodes/${1}/proxy/metrics
      - job_name: 'kubernetes-pods'
        kubernetes_sd_configs:
        - role: pod
        relabel_configs:
        - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
          action: keep
          regex: true
        - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
          action: replace
          target_label: __metrics_path__
          regex: (.+)
        - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
          action: replace
          regex: ([^:]+)(?::\d+)?;(\d+)
          replacement: $1:$2
          target_label: __address__
        - action: labelmap
          regex: __meta_kubernetes_pod_label_(.+)
        - source_labels: [__meta_kubernetes_namespace]
          action: replace
          target_label: kubernetes_namespace
        - source_labels: [__meta_kubernetes_pod_name]
          action: replace
          target_label: kubernetes_pod_name
      - job_name: 'kube-state-metrics'
        static_configs:
          - targets: ['kube-state-metrics.kube-system.svc.cluster.local:8080']
      - job_name: 'kubernetes-cadvisor'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
        - role: node
        relabel_configs:
        - action: labelmap
          regex: __meta_kubernetes_node_label_(.+)
        - target_label: __address__
          replacement: kubernetes.default.svc:443
        - source_labels: [__meta_kubernetes_node_name]
          regex: (.+)
          target_label: __metrics_path__
          replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
      - job_name: 'kubernetes-service-endpoints'
        kubernetes_sd_configs:
        - role: endpoints
        relabel_configs:
        - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
          action: keep
          regex: true
        - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
          action: replace
          target_label: __scheme__
          regex: (https?)
        - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
          action: replace
          target_label: __metrics_path__
          regex: (.+)
        - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
          action: replace
          target_label: __address__
          regex: ([^:]+)(?::\d+)?;(\d+)
          replacement: $1:$2
        - action: labelmap
          regex: __meta_kubernetes_service_label_(.+)
        - source_labels: [__meta_kubernetes_namespace]
          action: replace
          target_label: kubernetes_namespace
        - source_labels: [__meta_kubernetes_service_name]
          action: replace
          target_label: kubernetes_name

프로메테우스 파드 생성

% kubectl apply -f prometheus-deployment.yaml deployment.apps/prometheus-deployment created

apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-deployment
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus-server
  template:
    metadata:
      labels:
        app: prometheus-server
    spec:
      containers:
        - name: prometheus
          image: prom/prometheus:latest   
          args:
            - "--config.file=/etc/prometheus/prometheus.yml"
            - "--storage.tsdb.path=/prometheus/"
          ports:
            - containerPort: 9090
          volumeMounts:    
            - name: prometheus-config-volume
              mountPath: /etc/prometheus/
            - name: prometheus-storage-volume
              mountPath: /prometheus/
      volumes:
        - name: prometheus-config-volume
          configMap:
            defaultMode: 420
            name: prometheus-server-conf
        - name: prometheus-storage-volume
          emptyDir: {}

Node exporter 정의

Node exporter = 쿠버네티스 노드에 대한 정보를 수집하는 역할

각 노드에 하나씩 파드 형태로 존재해야하기에 데몬셋으로 생성

apiVersion: apps/v1
kind: DaemonSet    
metadata:
  name: node-exporter
  namespace: monitoring
  labels:
    k8s-app: node-exporter
spec:
  selector:
    matchLabels:
      k8s-app: node-exporter
  template:
    metadata:
      labels:
        k8s-app: node-exporter
    spec:
      containers:
      - image: prom/node-exporter
        name: node-exporter
        ports:
        - containerPort: 9100
          protocol: TCP
          name: http
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: node-exporter
  name: node-exporter
  namespace: kube-system
spec:
  ports:
  - name: http
    port: 9100
    nodePort: 31672
    protocol: TCP
  type: NodePort
  selector:
    k8s-app: node-exporter

% kubectl apply -f prometheus-node-exporter.yaml 
daemonset.apps/node-exporter created
service/node-exporter created

외부에서 프로메테우스 파드에 접근하기 위해 서비스 생성

% kubectl apply -f prometheus-svc.yaml 
service/prometheus-service created

apiVersion: v1
kind: Service
metadata:
  name: prometheus-service
  namespace: monitoring
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/port:   '9090'
spec:
  selector:
    app: prometheus-server
  type: NodePort    
  ports:
    - port: 8080
      targetPort: 9090
      nodePort: 30001

port-forward

% kubectl port-forward -n monitoring svc/prometheus-service 8080:8080
Forwarding from 127.0.0.1:8080 -> 9090
Forwarding from [::1]:8080 -> 9090

그라파나 (시각화 도구)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      name: grafana
      labels:
        app: grafana
    spec:
      containers:
      - name: grafana
        image: grafana/grafana:latest    
        ports:
        - name: grafana
          containerPort: 3000
        env:    
        - name: GF_SERVER_HTTP_PORT
          value: "3000"
        - name: GF_AUTH_BASIC_ENABLED
          value: "false"
        - name: GF_AUTH_ANONYMOUS_ENABLED   
          value: "true"
        - name: GF_AUTH_ANONYMOUS_ORG_ROLE  
          value: Admin
        - name: GF_SERVER_ROOT_URL
          value: /
---
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: monitoring
  annotations:
      prometheus.io/scrape: 'true'
      prometheus.io/port:   '3000'
spec:
  selector:
    app: grafana
  type: NodePort
  ports:
    - port: 3000
      targetPort: 3000
      nodePort: 30004

static pod​

multi-container​

sidecar-container​

kind 설치하기​

kind 멀티노드 설치​

Reference​

Java Heap​

Hotspot JVM​

GC​

GC Fragment​

GC 튜닝​

lifecycle​

homebrew 설치 권한 이슈​

S3 암호화​

S3 객체 잠금 (S3 Object Lock)​

S3 액세스 포인트​

CloudFront (CDN)​

AWS Global Accelerator​

AWS SQS​

AWS SNS​

SNS + SQS : Fan Out 패턴​

Kinesis (키네시스)​

ECS​

AWS EC2 배포그룹​

ENI 탄력적 네트워크 인터페이스​

AWS 인스턴스 스토리지​

AWS ELB​

aws cli 설치​

액세스키 설정​

aws sam-cli 설치​

terraform 설치하기​

terraform workflow​