MinIO Windows Service 등록 MinIO Service 등록 WinSW https://github.com/winsw/winsw{:target="_blank"} Windows 실행 파일을 서비스로 래핑해주는 툴 .NET Framework / Core 기반 Windows 플랫폼에서 실행 MinIO Service https://github.com/minio/minio-service/tree/master/windows{:target="_blank"} WinSW 최신 Release 다운로드 및 XML 설정 파일 작성 # choco install curl # 다운로드 $ curl -LO https://github.com/winsw/winsw/releases/download/v2.11.0/WinSW-x64.exe # rename $ move WinSW-x64.exe minio-service.exe minio-service.xml <service> <id>MinIO</id> <name>MinIO</name> <description>MinIO is a high performance object storage server</description> <executable>minio.exe</executable> <env name="MINIO_ROOT_USER" value="minio"/> <env name="MINIO_ROOT_PASSWORD" value="minio1234"/> <arguments>server d:\minio\data --console-address ":9001"</arguments> <logmode>rotate</logmode> </service> 서비스 등록 Administrator 권한으로 실행 minio 실행 파일 PATH 등록 or 같은 디렉토리에 위치 # service install $ minio-service.exe install 2021-12-09 15:57:24,987 INFO - Installing service 'MinIO (MinIO)'... 2021-12-09 15:57:25,085 INFO - Service 'MinIO (MinIO)' was installed successfully. # service status $ minio-service.exe status Stopped # service start $ minio-service.exe start 2021-12-09 16:05:59,133 INFO - Starting service 'MinIO (MinIO)'... 2021-12-09 16:06:00,322 INFO - Service 'MinIO (MinIO)' started successfully.

Go 언어로 만든 크로스 플랫폼 클라우드 스토리지 특화 백업 및 동기화 프로그램 Rclone https://rclone.org/{:target="_blank"} file, sftp 부터 Amazon S3, MinIO 와 같은 Object Storage, Cloud Storage 등의 많은 Providers 를 지원 Install 플랫폼 바이너리 다운로드 or 패키지 매니저 활용 https://rclone.org/downloads/{:target="_blank"} Rclone config Providers 설정 기반, config 파일을 통해 설정 Rclone config 기본 파일 위치 확인 # linux config 파일 위치 확인 $ rclone config file Configuration file is stored at: /home/<HOME>/.config/rclone/rclone.conf # windows $ rclone config file Configuration file is stored at: C:\Users\<HOME>\AppData\Roaming\rclone\rclone.conf Rclone config 추가 config 파일을 직접 수정 하거나 Interactive 화면을 통해 진행 $ rclone config No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> ... Rclone config 내용 확인 $ rclone config show Rclone Provider config Amazon S3 [mys3] type = s3 provider = AWS env_auth = true region = ap-northeast-2 location_constraint = ap-northeast-2 [mys3] type = s3 provider = AWS env_auth = true region = ap-northeast-2 location_constraint = ap-northeast-2 access_key_id = AKIAXXXXXXXXXXXXXXXX secret_access_key = 1oxxxxxxxxxxxxxxxxxxxxxxxxx MinIO [myminio] type = s3 provider = Minio env_auth = false access_key_id = KEYxxxxxxxxx secret_access_key = PWDxxxxxxxxx endpoint = http://minio-server SFTP 공개키 인증을 위해 key_file 지정하지 않으면 ssh_agent를 통해 접근시도 ...

Golang GC (가비지 컬렉터) 주요 내용 Golang GC : GOGC 유효하지 않는 메모리(Dangling Object)를 주기적으로 해제하는 기법 Java의 Parallel GC, G1GC 와 유사하나 구현 방식에서 차이가 있음 Stop-the-World 시간을 최소화하도록 설계됨 Tri-Color Algorithm 사용 동시성을 고려한 효율적인 메모리 관리 알고리즘 CMS (Concurrent Mark and Sweep) 방식 운영 Java 와 같은 Generation GC 기법이나 Compaction은 지원하지 않음 대신 더 효율적인 메모리 할당 전략을 사용 Compaction (압축, 재배치) 가 없음 재배치를 하지 않는 대신 TCMalloc를 통한 메모리 할당 관리 메모리 단편화를 최소화하고 빠른 할당을 지원 멀티쓰레드 최적화 힙 메모리 할당기 - tcmalloc. jemalloc{:target="_blank"} Tri-Color Algorithm 동작 원리 white, black, grey 세 가지 상태를 통한 메모리 관리 ...

Snapshots 기능을 제공하는 modern backup program restic https://restic.net/{:target="_blank"} Go로 만들어진 백업 프로그램, 크로스프랫폼 지원 - from Linux, BSD, Mac and Windows - to many different storage types, including self-hosted and online services - easily, being a single executable that you can run without a server or complex setup - effectively, only transferring the parts that actually changed in the files you back up - securely, by careful use of cryptography in every part of the process - verifiably, enabling you to make sure that your files can be restored when needed - freely - restic is entirely free to use and completely open source Install Package 설치 및 Binary 지원 Package : https://restic.readthedocs.io/en/stable/020_installation.html{:target="_blank"} Binary : https://github.com/restic/restic/releases/tag/v0.12.1{:target="_blank"} $ curl -LO https://github.com/restic/restic/releases/download/v0.12.1/restic_0.12.1_linux_amd64.bz2 # install bzip2 $ sudo yum install bzip2 -y $ bunzip2 restic_0.12.1_linux_amd64.bz2 $ mv restic_0.12.1_linux_amd64 restic $ sudo mv restic /usr/local/bin $ restic restic is a backup program which allows saving multiple revisions of files and directories in an encrypted repository stored on different backends. Usage: restic [command] Available Commands: backup Create a new backup of files and/or directories cache Operate on local cache directories cat Print internal objects to stdout check Check the repository for errors copy Copy snapshots from one repository to another diff Show differences between two snapshots dump Print a backed-up file to stdout find Find a file, a directory or restic IDs forget Remove snapshots from the repository generate Generate manual pages and auto-completion files (bash, fish, zsh) help Help about any command init Initialize a new repository key Manage keys (passwords) list List objects in the repository ls List files in a snapshot migrate Apply migrations mount Mount the repository prune Remove unneeded data from the repository rebuild-index Build a new index recover Recover data from the repository restore Extract the data from a snapshot self-update Update the restic binary snapshots List all snapshots stats Scan the repository and show basic statistics tag Modify tags on snapshots unlock Remove locks other processes created version Print version information .... Backup & Restore Backup Repository 생성 # Repository 접근을 위한 패드워스 필요, 일단 1111 # -r, --repo repository repository to backup to or restore from (default: $RESTIC_REPOSITORY) $ restic init -r repo enter password for new repository: enter password again: created restic repository 7f3cfb3e9a at repo Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. # password 파일 생성, -p 옵션으로 지정 $ echo 1111 > passwd Backup : snapshots 생성 # Backup # restic -r <repository> -p <passwd file> backup <Source> # -p, --password-file file file to read the repository password from (default: $RESTIC_PASSWORD_FILE) $ restic -r repo -p passwd backup /home/cdecl/temp/mvcapp repository e4ccc49d opened successfully, password is correct no parent snapshot found, will read all files Files: 79 new, 0 changed, 0 unmodified Dirs: 40 new, 0 changed, 0 unmodified Added to the repo: 4.854 MiB processed 79 files, 4.811 MiB in 0:00 snapshot 9aff8447 saved # 파일생성 및 다시백업 $ touch /home/cdecl/temp/mvcapp/test.txt $ restic -r repo -p passwd backup /home/cdecl/temp/mvcapp repository e4ccc49d opened successfully, password is correct using parent snapshot 9aff8447 Files: 1 new, 0 changed, 79 unmodified Dirs: 0 new, 4 changed, 36 unmodified Added to the repo: 7.742 KiB processed 80 files, 4.811 MiB in 0:00 snapshot f4b94d9b saved Snapshots 확인 # snapshots 2개 화인 확인 $ restic -r repo -p passwd snapshots repository e4ccc49d opened successfully, password is correct ID Time Host Tags Paths ------------------------------------------------------------------------------ 9aff8447 2021-11-25 15:17:52 centos1 /home/cdecl/temp/mvcapp f4b94d9b 2021-11-25 15:22:24 centos1 /home/cdecl/temp/mvcapp ------------------------------------------------------------------------------ 2 snapshots Snapshots 비교 $ restic -r repo -p passwd diff 9aff8447 f4b94d9b repository e4ccc49d opened successfully, password is correct comparing snapshot 9aff8447 to f4b94d9b: + /home/cdecl/temp/mvcapp/test.txt Files: 1 new, 0 removed, 0 changed Dirs: 0 new, 0 removed Others: 0 new, 0 removed Data Blobs: 0 new, 0 removed Tree Blobs: 5 new, 5 removed Added: 7.742 KiB Removed: 7.456 KiB Restore : Snapshots 에서 복원 # restic -r <repository> -p <passwd file> restore <snapshots id> -t <Target> $ restic -r repo -p passwd restore 9aff8447 -t restore-mvcapp repository e4ccc49d opened successfully, password is correct restoring <Snapshot 9aff8447 of [/home/cdecl/temp/mvcapp] at 2021-11-25 15:17:52.115925352 +0900 KST by cdecl@centos1> to restore-mvcapp MinIO & RClone Backend 지원 https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html{:target="_blank"} Local, SFTP, REST Server, Amazon S3, Minio Server, Microsoft Azure Blob Storage, Google Cloud Storage, Other Services via rclone 등 지원 MinIO Repository 만들기 $ export AWS_ACCESS_KEY_ID=key $ export AWS_SECRET_ACCESS_KEY=passwd $ restic init -r s3:http://minio.server:9000/restic enter password for new repository: enter password again: created restic repository 65a27250da at s3:http://minio.server:9000/restic Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. # Backup $ restic -r s3:http://minio.server:9000/restic -p passwd backup /home/cdecl/temp/mvcapp # snapshots $ restic -r s3:http://minio.server:9000/restic -p passwd snapshots repository 65a27250 opened successfully, password is correct ID Time Host Tags Paths ------------------------------------------------------------------------------ 73d37fbd 2021-11-25 15:37:34 centos1 /home/cdecl/temp/mvcapp ------------------------------------------------------------------------------ 1 snapshots RClone Backend 로 사용 $ rclone config show [infradb] type = s3 env_auth = false access_key_id = key secret_access_key = passwd region = us-east-1 endpoint = http://minio.server:9000 # rclone config 사용 respository 만들기 $ restic init -r rclone:infradb:restic enter password for new repository: enter password again: created restic repository ce850667c9 at rclone:infradb:restic Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost. # Backup $ restic -r rclone:infradb:restic -p passwd backup /home/cdecl/temp/mvcapp # snapshots $ restic -r rclone:infradb:restic -p passwd snapshots Snapshots 관리 https://restic.readthedocs.io/en/stable/060_forget.html{:target="_blank"} $ restic -r rclone:infradb:restic -p passwd snapshots repository ce850667 opened successfully, password is correct ID Time Host Tags Paths ------------------------------------------------------------------------------ a3737738 2021-11-25 15:44:05 centos1 /home/cdecl/temp/mvcapp 00f16d70 2021-11-25 15:44:50 centos1 /home/cdecl/temp/mvcapp 0e83568a 2021-11-25 15:44:51 centos1 /home/cdecl/temp/mvcapp 4041e3ca 2021-11-25 15:44:53 centos1 /home/cdecl/temp/mvcapp eb1e56c7 2021-11-25 15:44:54 centos1 /home/cdecl/temp/mvcapp d81b3d2a 2021-11-25 15:44:55 centos1 /home/cdecl/temp/mvcapp ------------------------------------------------------------------------------ 6 snapshots # snapshots 1개 지우기 $ restic -r rclone:infradb:restic -p passwd forget d81b3d2a repository ce850667 opened successfully, password is correct [0:00] 100.00% 1 / 1 files deleted # 스냅샷의 파일에서 참조한 데이터는 여전히 저장소에 저장 # 참조되지 않은 데이터를 정리하려면 prune 명령 실행 $ restic -r rclone:infradb:restic -p passwd prune repository ce850667 opened successfully, password is correct loading indexes... loading all snapshots... finding data that is still in use for 5 snapshots [0:00] 100.00% 5 / 5 snapshots searching used packs... collecting packs for deletion and repacking [0:00] 100.00% 9 / 9 packs processed to repack: 0 blobs / 0 B this removes 0 blobs / 0 B to delete: 2 blobs / 1004 B total prune: 2 blobs / 1004 B remaining: 125 blobs / 4.862 MiB unused size after prune: 0 B (0.00% of remaining size) rebuilding index [0:00] 100.00% 8 / 8 packs processed deleting obsolete index files [0:00] 100.00% 6 / 6 files deleted removing 1 old packs [0:00] 100.00% 1 / 1 files deleted done # 최근 1개만 놔두고 snapshots 삭제 및 prune $ restic -r rclone:infradb:restic -p passwd forget --keep-last 1 --prune repository ce850667 opened successfully, password is correct Applying Policy: keep 1 latest snapshots keep 1 snapshots: ID Time Host Tags Reasons Paths --------------------------------------------------------------------------------------------- eb1e56c7 2021-11-25 15:44:54 centos1 last snapshot /home/cdecl/temp/mvcapp --------------------------------------------------------------------------------------------- 1 snapshots remove 4 snapshots: ID Time Host Tags Paths ------------------------------------------------------------------------------ a3737738 2021-11-25 15:44:05 centos1 /home/cdecl/temp/mvcapp 00f16d70 2021-11-25 15:44:50 centos1 /home/cdecl/temp/mvcapp 0e83568a 2021-11-25 15:44:51 centos1 /home/cdecl/temp/mvcapp 4041e3ca 2021-11-25 15:44:53 centos1 /home/cdecl/temp/mvcapp ------------------------------------------------------------------------------ 4 snapshots [0:00] 100.00% 4 / 4 files deleted 4 snapshots have been removed, running prune loading indexes... loading all snapshots... finding data that is still in use for 1 snapshots [0:00] 100.00% 1 / 1 snapshots searching used packs... collecting packs for deletion and repacking [0:00] 100.00% 8 / 8 packs processed to repack: 39 blobs / 47.305 KiB this removes 2 blobs / 1007 B to delete: 6 blobs / 2.950 KiB total prune: 8 blobs / 3.934 KiB remaining: 117 blobs / 4.858 MiB unused size after prune: 0 B (0.00% of remaining size) repacking packs [0:00] 100.00% 2 / 2 packs repacked rebuilding index [0:00] 100.00% 5 / 5 packs processed deleting obsolete index files [0:00] 100.00% 1 / 1 files deleted removing 5 old packs [0:00] 100.00% 5 / 5 files deleted done # snapshots 확인 $ restic -r rclone:infradb:restic -p passwd snapshots repository ce850667 opened successfully, password is correct ID Time Host Tags Paths ------------------------------------------------------------------------------ eb1e56c7 2021-11-25 15:44:54 centos1 /home/cdecl/temp/mvcapp ------------------------------------------------------------------------------ 1 snapshots forget 주요 인수 --keep-last n never delete the n last (most recent) snapshots --keep-hourly n for the last n hours in which a snapshot was made, keep only the last snapshot for each hour. --keep-daily n for the last n days which have one or more snapshots, only keep the last one for that day. --keep-weekly n for the last n weeks which have one or more snapshots, only keep the last one for that week. --keep-monthly n for the last n months which have one or more snapshots, only keep the last one for that month. --keep-yearly n for the last n years which have one or more snapshots, only keep the last one for that year. --keep-tag keep all snapshots which have all tags specified by this option (can be specified multiple times).

네트워크 L4, L7 기능 Reverse proxy 및 Load balancing, HA 기능을 제공하는 최적화된 S/W HAProxy Basic 공식 블로그인 만큼 가장 잘 정리된 링크로 상세 설명 대체 Basic Configuration https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers/{:target="_blank"} 최소 설정 및 기본 항목에 대한 설명 설치 및 적용 centos 7 # install $ sudo yum install haproxy # start $ sudo systemctl start haproxy # status $ sudo systemctl status haproxy ● haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled) Active: active (running) since 화 2021-11-23 13:55:48 KST; 5s ago Main PID: 227598 (haproxy-systemd) Tasks: 3 Memory: 1.9M CGroup: /system.slice/haproxy.service ├─227598 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid ├─227599 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds └─227600 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds ... 버전 확인, 지원 모듈, 지원 polling 시스템 확인 epoll 사용 $ haproxy -vv HA-Proxy version 1.5.18 2016/05/10 Copyright 2000-2016 Willy Tarreau <willy@haproxy.org> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18 OPTIONS = USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.32 2012-11-30 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. 기본설정 : /etc/haproxy/haproxy.cfg global : 전역 설정 defaults : 디폴트 설정 frontend : client로 부터 접속 정보, 5000 Port 대기 backend : 요청을 수행하는 서버로 전달, 3대의 서버로 전달 listen : frontend + backend 한꺼번에 정리할 수 있는 섹션, Stats Monitoring UI 설정 global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 listen stats bind :8404 stats enable stats uri /monitor stats refresh 5s frontend front_main bind :5000 option forwardfor default_backend app backend app balance roundrobin server app1 192.168.28.15:30010 check server app2 192.168.28.16:30010 check server app3 192.168.28.17:30010 check SSL 인터페이스 https://serverfault.com/questions/738045/haproxy-to-terminate-ssl-also-send-ssl-to-backend-server{:target="_blank"} Frontend SSL Bind ... frontend front_main bind :5443 ssl crt /cert/path/domain_keypem.pem option forwardfor default_backend app ... Backend SSL 호출 ... backend app balance roundrobin mode http server app1 192.168.28.15:30443 ssl verify none server app2 192.168.28.16:30443 ssl verify none ... Four Essential Sections https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/{:target="_blank"} 4개의 기본 섹션 구조 설명 global # global settings here defaults # defaults here frontend # a frontend that accepts requests from clients backend # servers that fulfill the requests 기타 SSL 설정 : https://www.haproxy.com/blog/haproxy-ssl-termination/{:target="_blank"} 통계 Web UI : https://www.haproxy.com/blog/exploring-the-haproxy-stats-page/{:target="_blank"} ...

로컬(localhost) 서비스를 터널링을 통해 외부에서 접근 가능하도록 만들어주는 도구들을 소개합니다. 개발 단계에서 로컬에서 실행 중인 서비스를 외부에 임시로 공개해야 할 때 유용합니다. (보안 및 안정성 문제로 실제 프로덕션 환경에서는 사용하지 않는 것을 권장합니다) 주요 사용 사례: 외부 API의 웹훅(webhook) 테스트 클라이언트에게 개발 중인 기능 데모 모바일 기기에서 로컬 개발 서버 접근 협업 시 로컬 개발 환경 공유 localhost.run https://localhost.run/{:target="_blank"} SSH 리버스 터널링을 활용하여 로컬 서비스를 외부에 노출 별도의 프로그램 설치가 필요 없고 SSH 클라이언트만 있으면 사용 가능 무료로 사용 가능하며 커스텀 도메인 지원 테스트용 서비스 실행 아래 예제에서는 간단한 웹 애플리케이션 컨테이너를 실행하여 테스트합니다. ...

Kubernetes 패키지 매니저 도구인 helm을 통해 chart 생성 및 Kubernetes 배포 K3S 환경에서 테스트 Helm https://helm.sh/{:target="_blank"} Kubernetes 배포를 위한 패키지 매니저 툴 (e.g yum, choco) chart 라는 yaml 파일 기반의 템플릿 파일을 통해 패키지화 및 Kubernetes 설치 관리 Deployment, Service, Ingress 등 Kubernetes 서비스의 manifest 생성 및 설치 Helm Repository 를 통해 패키지 등록 및 다른 패키지 설치 가능 Helm Install 바이너리 직접 설치 및 설치 Script 활용 Homebrew, Chocolatey 등의 패키지로도 설치 가능 바이너리 다운로드 https://github.com/helm/helm/releases $ curl -LO https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz $ tar -zxvf helm-v3.7.1-linux-amd64.tar.gz $ tree linux-amd64 linux-amd64 ├── LICENSE ├── README.md └── helm $ sudo cp linux-amd64/helm /usr/local/bin/ 설치 Script 활용 $ chmod 700 get_helm.sh $ ./get_helm.sh Creating Your Own Charts kubernetes 설치를 위한 chart 생성 및 세팅 https://helm.sh/docs/helm/helm_create/{:target="_blank"} # chart 생성 $ helm create mvcapp Creating mvcapp Chart directory 구조 Chart.yaml : Chart 버전, 이미지버전, 설명등을 기술하는 파일 values.yaml : manifest template 파일 기반, 기준 값을 세팅하는 파일 templates/ : kubernetes manifest template 파일 charts/ : chart 의존성 파일 $ tree mvcapp mvcapp ├── Chart.yaml ├── charts ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── hpa.yaml │ ├── ingress.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ └── test-connection.yaml └── values.yaml Chart.yaml 수정 version : Chart 버전 appVersion : Deploy 되는 image 버전 apiVersion: v2 name: mvcapp description: .net core test mvc application # ... 생략 type: application # ... 생략 version: 0.1.0 # ... 생략 appVersion: "0.6" # appVersion: "1.16.0" values.yaml 수정 replicaCount : Pod 의 replica 개수, 2개로 수정 image.repository : docker image 이름, cdecl/mvcapp 로 수정 service.type : On-Premise에서 테스트 목적, NodePort로 수정 service.nodePort : nodePort를 적용하기 위해 신규 추가 # Default values for mvcapp. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 2 image: repository: cdecl/mvcapp pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" # ... 생략 service: type: NodePort # ClusterIP port: 80 nodePort: 30010 ingress: # ... 생략 resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # ... 생략 templates/service.yaml 수정 nodePort 를 적용하기 위해 template 수정 spec.ports.nodePort: {{ .Values.service.nodePort }} 추가 apiVersion: v1 kind: Service metadata: name: {{ include "mvcapp.fullname" . }} labels: {{- include "mvcapp.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: http pro name: http nodePort: {{ .Values.service.nodePort }} selector: {{- include "mvcapp.selectorLabels" . | nindent 4 }} helm lint : chart 파일 검사 https://helm.sh/docs/helm/helm_lint/{:target="_blank"} $ helm lint mvcapp ==> Linting mvcapp [INFO] Chart.yaml: icon is recommended 1 chart(s) linted, 0 chart(s) failed helm template : kubernetes manifest 생성 https://helm.sh/docs/helm/helm_template/{:target="_blank"} values.yaml 에 세팅한 기준으로 manifest 생성 $ helm template mvcapp --- # Source: mvcapp/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: RELEASE-NAME-mvcapp labels: helm.sh/chart: mvcapp-0.1.0 app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/version: "0.6" app.kubernetes.io/managed-by: Helm --- # Source: mvcapp/templates/service.yaml apiVersion: v1 kind: Service metadata: name: RELEASE-NAME-mvcapp labels: helm.sh/chart: mvcapp-0.1.0 app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/version: "0.6" app.kubernetes.io/managed-by: Helm spec: type: NodePort ports: - port: 80 targetPort: http pro name: http selector: app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME --- # Source: mvcapp/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: RELEASE-NAME-mvcapp labels: helm.sh/chart: mvcapp-0.1.0 app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/version: "0.6" app.kubernetes.io/managed-by: Helm spec: replicas: 2 selector: matchLabels: app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME template: metadata: labels: app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME spec: serviceAccountName: RELEASE-NAME-mvcapp securityContext: {} containers: - name: mvcapp securityContext: {} image: "cdecl/mvcapp:0.6" imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 pro livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http resources: {} --- # Source: mvcapp/templates/tests/test-connection.yaml apiVersion: v1 kind: Pod metadata: name: "RELEASE-NAME-mvcapp-test-connection" labels: helm.sh/chart: mvcapp-0.1.0 app.kubernetes.io/name: mvcapp app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/version: "0.6" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": test spec: containers: - name: wget image: busybox command: ['wget'] args: ['RELEASE-NAME-mvcapp:80'] restartPolicy: Never helm install : chart 활용 kubernetes service install https://helm.sh/docs/helm/helm_install/{:target="_blank"} install : helm install [NAME] [CHART] [flags] # 설치하지는 않고 테스트 $ helm install mvcapp-svc mvcapp --dry-run # 로컬 Chart 를 통한 설치 $ helm install mvcapp-svc mvcapp NAME: mvcapp-svc LAST DEPLOYED: Thu Nov 4 13:29:38 2021 NAMESPACE: default STATUS: deployed REVISION: 1 NOTES: 1. Get the application URL by running these commands: export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services mvcapp-svc) export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 78d mvcapp-svc NodePort 10.43.202.254 <none> 80:31503/TCP 29s $ kubectl get pod NAME READY STATUS RESTARTS AGE mvcapp-svc-78ff4d97f9-hd9rf 1/1 Running 0 37s mvcapp-svc-78ff4d97f9-x4984 1/1 Running 0 37s KS3 export KUBECONFIG=/etc/rancher/k3s/k3s.yaml 세팅 ...

asyncio는 async/await 구문을 사용하여 동시성 코드를 작성하는 라이브러리입니다. 특히 I/O 작업이 많은 애플리케이션에서 높은 성능을 발휘합니다. asyncio : asynchronous io 처리 https://docs.python.org/ko/3/library/asyncio.html{:target="_blank"} Threading 동시성 제어는 GIL (Global interpreter lock) 제약에 의해 느리고, 복잡도는 그대로 가지고 있음 GIL은 Python 인터프리터가 한 번에 하나의 스레드만 실행할 수 있도록 제한하는 메커니즘 멀티스레드를 사용해도 CPU 연산의 실제 병렬 처리가 어려움 IO 병목에 의한 동시성을 관리하기 위한 도구로서 Coroutine을 통한 관리 네트워크 요청, 파일 읽기/쓰기 등 I/O 작업에서 효율적 코루틴은 스레드보다 가벼워서 수천 개의 동시 작업도 효율적으로 처리 가능 일반적인 Coroutine 코드 Coroutine으로 실행 되기는 하나, 비동기로 실행 되지는 않음 async def로 정의된 함수는 코루틴 함수가 됨 await는 다른 코루틴의 실행이 완료될 때까지 대기 asyncio.sleep()은 I/O 작업을 시뮬레이션하는 용도로 자주 사용됨 import asyncio from datetime import datetime def time_log(step): print(datetime.now().strftime('%H:%M:%S'), step) async def async_sleep(): await asyncio.sleep(2) time_log('async_sleep') async def async_execute(): time_log('start') await async_sleep() await async_sleep() time_log('end') def main(): asyncio.run(async_execute()) if __name__ == '__main__': main() [Running] set PYTHONIOENCODING=utf8 && python -u tempCodeRunnerFile.python 11:39:00 start 11:39:02 async_sleep 11:39:04 async_sleep 11:39:04 end 실행 결과를 보면 start -> 2초 대기 -> async_sleep -> 2초 대기 -> async_sleep -> end 순서로 순차 실행됨을 알 수 있습니다. ...

MySQL BinLog (Binary Log) 설정 및 확인 MySQL Binlog https://dev.mysql.com/doc/internals/en/binary-log-overview.html{:target="_blank"} https://dev.mysql.com/doc/refman/5.7/en/replication-options-binary-log.html{:target="_blank"} 데이터 수정에 대한 정보를 포함하는 로그 파일 세트 Binlog 를 사용하는 목적 복제 : 마스터 복제 서버에서 슬레이브 서버로 보낼 명령문의 기록으로 사용 데이터 복구 : 백업 파일이 복원된, 특정 시점 이후의 데이터 복구를 위해 사용 Binlog 기록하는 방법 binlog-format STATEMENT : 이벤트에는 데이터 변경(삽입, 업데이트, 삭제)을 생성하는 SQL 문이 포함 MySQL 5.7.7 이전 버전까지 Default ROW : 행 기반 로깅: 이벤트는 개별 행의 변경 사항을 설명합니다. MySQL 5.7.7 버전 부터 Default MIXED : 기본적으로 STATEMENT 로깅, 필요에 따라 자동으로 ROW 로깅으로 전환 일관성 NDB Cluster 경우 Default STATEMENT 경우 ISOLATION LEVEL이 READ-COMMITTED 경우 복구시, Dirty Read 에 의한 일관성이 문제가 될 수 있음 ...

Loadbalancing & High-Availability 를 위한 Keepalived 설정 및 테스트 Keepalived https://www.keepalived.org/{:target="_blank"} VRRP 를 활용 가상IP (VIP) 기반 서버 다중화 도구 VRRP 는 여러 대의 라우터를 그룹으로 묶어 하나의 가상 IP 어드레스를 부여, 마스터로 지정된 라우터 장애시 VRRP 그룹 내의 백업 라우터가 마스터로 자동 전환되는 프로토콜입니다. Install # install $ sudo yum install keepalived # service start $ sudo systemctl start keepalived $ sudo systemctl status keepalived ● keepalived.service - LVS and VRRP High Availability Monitor Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled) Active: active (running) since 화 2021-10-26 11:37:04 KST; 4s ago Process: 18356 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 18357 (keepalived) Tasks: 3 Memory: 1.6M CGroup: /system.slice/keepalived.service ├─18357 /usr/sbin/keepalived -D ├─18358 /usr/sbin/keepalived -D └─18359 /usr/sbin/keepalived -D 10월 26 11:37:05 node1 Keepalived_vrrp[18359]: VRRP_Instance(VI_1) forcing a new MASTER ...on 10월 26 11:37:06 node1 Keepalived_vrrp[18359]: VRRP_Instance(VI_1) Transition to MASTER STATE 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: VRRP_Instance(VI_1) Entering MASTER STATE 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: VRRP_Instance(VI_1) setting pro 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: Sending gratuitous ARP on eth0 for 192.16...00 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: VRRP_Instance(VI_1) Sending/queueing grat...00 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: Sending gratuitous ARP on eth0 for 192.16...00 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: Sending gratuitous ARP on eth0 for 192.16...00 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: Sending gratuitous ARP on eth0 for 192.16...00 10월 26 11:37:07 node1 Keepalived_vrrp[18359]: Sending gratuitous ARP on eth0 for 192.16...00 Hint: Some lines were ellipsized, use -l to show in full. 기본 설정 https://www.redhat.com/sysadmin/keepalived-basics{:target="_blank"} https://www.redhat.com/sysadmin/advanced-keepalived{:target="_blank"} 테스트 환경 CentOS 7 (Hyper-v) node1 (MASTER) : 192.168.137.201 node2 (BACKUP) : 192.168.137.202 VIP : 192.168.137.200 /etc/keepalived/keepalived.conf vrrp_instance : 인터페이스에서 실행되는 프로토콜의 개별 인스턴스 정의 state : 인스턴스에서 시작해야 하는 초기 상태 interface : 네트워크 인터페이스 virtual_router_id : 네트워크 가상 ID priority : 우선 순위 advert_int : VRRP 패킷 송신 간격 (sec) authentication : 서로 서버간, 인증 계정 정보 virtual_ipaddress : 가상 IP vip MASTER 설정 : 192.168.137.201 vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 210 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.137.200 } } BACKUP 설정 : 192.168.137.202 vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 200 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.137.200 } } MASTER 노드에 우선순위 priority 210 를 높게 줌 ...