-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
871a019
commit 3f32692
Showing
29 changed files
with
853 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # reference: https://github.com/hashicorp/http-echo | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: http-echo | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: http-echo | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: http-echo | ||
| spec: | ||
| containers: | ||
| - name: http-echo | ||
| image: traefik/whoami | ||
| ports: | ||
| - containerPort: 80 | ||
| resources: | ||
| limits: | ||
| cpu: "0.1" | ||
| memory: 50Mi | ||
| requests: | ||
| cpu: "0.1" | ||
| memory: 50Mi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # reference: https://github.com/hashicorp/http-echo | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: http-echo | ||
| spec: | ||
| selector: | ||
| app: http-echo | ||
| ports: | ||
| - protocol: TCP | ||
| port: 80 | ||
| targetPort: 80 | ||
| type: ClusterIP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| # 개요 | ||
| * kind cluster에서 iptables 시각화 | ||
|
|
||
| # 실습환경 구축 | ||
| * [환경 구축 문서 바로가기](./install/README.md) | ||
|
|
||
| # iptables-exporter | ||
|
|
||
| * manifest 배포 | ||
|
|
||
| ```sh | ||
| kubectk apply ./manifests/iptables-exporter/ | ||
| ``` | ||
|
|
||
| * pod 실행상태 확인 | ||
|
|
||
| ```sh | ||
| $ kubectl -n kube-system get pod -l app=iptables-exporter | ||
| NAME READY STATUS RESTARTS AGE | ||
| iptables-exporter-hg4dw 1/1 Running 0 8h | ||
| ``` | ||
|
|
||
| * prometheus targets 확인 | ||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
|
|
||
| # 실습 | ||
| * prometheus에서 iptables-exporter metrics 조회 | ||
|
|
||
| > iptables_로 시작 | ||
|  | ||
|
|
||
|
|
||
| # 참고자료 | ||
| * https://github.com/madron/iptables-exporter | ||
| * https://openai.com/index/scaling-kubernetes-to-7500-nodes/ | ||
| * https://popappend.tistory.com/140 | ||
| * https://iximiuz.com/en/posts/laymans-iptables-101/ | ||
| * https://kschoi728.tistory.com/261 |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # for AMD64 | ||
| FROM messense/rust-musl-cross:x86_64-musl as builder | ||
|
|
||
| WORKDIR /usr/src/iptables_exporter | ||
| RUN git clone https://github.com/kbknapp/iptables_exporter . | ||
| RUN cargo build --release --target x86_64-unknown-linux-musl | ||
|
|
||
| FROM debian:bullseye-slim | ||
|
|
||
| RUN apt-get update && apt-get install -y iptables && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| COPY --from=builder /usr/src/iptables_exporter/target/x86_64-unknown-linux-musl/release/iptables_exporter /usr/local/bin/iptables_exporter | ||
|
|
||
| EXPOSE 9455 | ||
|
|
||
| ENTRYPOINT ["iptables_exporter", "-t", "iptables", "-t", "iptables-legacy", "-t", "ip6tables"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # for AMD64 | ||
| FROM messense/rust-musl-cross:aarch64-musl as builder | ||
|
|
||
| WORKDIR /usr/src/iptables_exporter | ||
| RUN git clone https://github.com/kbknapp/iptables_exporter . | ||
| RUN cargo build --release --target aarch64-unknown-linux-musl | ||
|
|
||
| FROM debian:bullseye-slim | ||
|
|
||
| RUN apt-get update && apt-get install -y iptables && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| COPY --from=builder /usr/src/iptables_exporter/target/aarch64-unknown-linux-musl/release/iptables_exporter /usr/local/bin/iptables_exporter | ||
|
|
||
| EXPOSE 9455 | ||
|
|
||
| ENTRYPOINT ["iptables_exporter", "-t", "iptables", "-t", "iptables-legacy", "-t", "ip6tables"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| IMAGE_NAME=choisunguk/iptables_exporter | ||
| IMAGE_TAG-AMD=v3 | ||
| IMAGE_TAG-ARM=v3 | ||
|
|
||
| up: | ||
| @kind create cluster --config kind-config.yaml | ||
| @helm upgrade --install metrics-server -n kube-system -f ./metrics_server_values.yaml metrics-server/metrics-server | ||
| @helm upgrade --install prometheus-stack -n monitoring --create-namespace -f prometheus_stack_values.yaml prometheus-community/kube-prometheus-stack | ||
|
|
||
| down: | ||
| @kind delete cluster --name iptables-exporter | ||
|
|
||
| create-builder: | ||
| docker buildx create --name mybuilder --use | ||
|
|
||
| build-push-amd: | ||
| docker buildx build --platform linux/amd64 -t $(IMAGE_NAME):amd-${IMAGE_TAG-AMD} -f Dockerfile-amd --push . | ||
|
|
||
| build-push-arm: | ||
| docker build --platform linux/arm64 -t $(IMAGE_NAME):arm-${IMAGE_TAG-ARM} -f Dockerfile-arm --push . | ||
|
|
||
| .PHONY: create-builder build-push-amd build-push-arm up down |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| # 개요 | ||
| * 쿠버네티스에서 iptables를 실습하기 위한 환경 설치 | ||
|
|
||
| # kind cluster 생성 | ||
|
|
||
| ```sh | ||
| kind create cluster --config kind-config.yaml | ||
| ``` | ||
|
|
||
| # metrics server 설치 | ||
|
|
||
| ```sh | ||
| helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/ | ||
| helm upgrade --install metrics-server \ | ||
| -n kube-system \ | ||
| -f ./metrics_server_values.yaml \ | ||
| metrics-server/metrics-server | ||
| ``` | ||
|
|
||
| # prometheus-operator stack 설치 | ||
|
|
||
| ```sh | ||
| helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | ||
| helm repo update | ||
| ``` | ||
|
|
||
| ```sh | ||
| helm upgrade --install prometheus-stack \ | ||
| -n monitoring --create-namespace \ | ||
| -f prometheus_stack_values.yaml \ | ||
| prometheus-community/kube-prometheus-stack | ||
| ``` | ||
|
|
||
| # prometheus, grafana 접속방법 | ||
|
|
||
| * prometeus: http://localhost:30090 | ||
| * grafana: http://localhost:30080 | ||
|
|
||
| # kind cluster 삭제 | ||
|
|
||
| ```sh | ||
| kind delete cluster --name iptables-exporter | ||
| ``` |
Oops, something went wrong.