Antigravity Agent
4.9 KiB
4.9 KiB
id, title, category, status, source_trust_level, verification_status, created_at, updated_at, tags, tech_stack, applied_in, aliases
| id | title | category | status | source_trust_level | verification_status | created_at | updated_at | tags | tech_stack | applied_in | aliases | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| devops-kubernetes-basics | Kubernetes — Deployment / Service / Ingress | Coding | draft | B | conceptual | 2026-05-09 | 2026-05-09 |
|
|
|
Kubernetes Basics
Container orchestrator. Pod = 컨테이너 그룹, Deployment = pod replica 관리, Service = 안정 endpoint, Ingress = 외부 노출. Probes / resources / HPA 가 production hygiene.
📖 핵심 개념
- Namespace: 논리 분리.
- Pod: 1+ 컨테이너 단위, 같은 IP.
- ReplicaSet: pod 수 유지. (Deployment 가 사용)
- Deployment: rolling update.
- Service: stable IP / DNS, load balance.
- Ingress: HTTP path / host routing.
💻 코드 패턴
Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: api
namespace: prod
spec:
replicas: 3
selector: { matchLabels: { app: api } }
strategy:
type: RollingUpdate
rollingUpdate: { maxUnavailable: 0, maxSurge: 1 }
template:
metadata: { labels: { app: api } }
spec:
containers:
- name: api
image: ghcr.io/myco/api:1.2.3
ports: [{ containerPort: 8080 }]
env:
- { name: NODE_ENV, value: production }
- { name: DB_URL, valueFrom: { secretKeyRef: { name: db, key: url } } }
resources:
requests: { cpu: 100m, memory: 256Mi }
limits: { cpu: 500m, memory: 512Mi }
readinessProbe:
httpGet: { path: /healthz, port: 8080 }
initialDelaySeconds: 5
periodSeconds: 5
livenessProbe:
httpGet: { path: /livez, port: 8080 }
initialDelaySeconds: 30
periodSeconds: 10
startupProbe:
httpGet: { path: /healthz, port: 8080 }
failureThreshold: 30
periodSeconds: 2
Service
apiVersion: v1
kind: Service
metadata: { name: api, namespace: prod }
spec:
type: ClusterIP
selector: { app: api }
ports: [{ port: 80, targetPort: 8080 }]
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api
namespace: prod
annotations:
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx
tls:
- hosts: [api.myco.com]
secretName: api-tls
rules:
- host: api.myco.com
http:
paths:
- path: /
pathType: Prefix
backend: { service: { name: api, port: { number: 80 } } }
ConfigMap & Secret
apiVersion: v1
kind: ConfigMap
metadata: { name: app-config }
data:
LOG_LEVEL: info
FEATURE_X: "true"
---
apiVersion: v1
kind: Secret
metadata: { name: db }
type: Opaque
stringData:
url: postgres://app:pw@db:5432/app
HPA (autoscale)
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata: { name: api }
spec:
scaleTargetRef: { apiVersion: apps/v1, kind: Deployment, name: api }
minReplicas: 2
maxReplicas: 20
metrics:
- type: Resource
resource: { name: cpu, target: { type: Utilization, averageUtilization: 70 } }
PDB (graceful disruption)
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: { name: api }
spec:
minAvailable: 2
selector: { matchLabels: { app: api } }
kubectl 자주 쓰는
kubectl get pods -n prod
kubectl logs -f deployment/api -n prod
kubectl describe pod <pod> -n prod
kubectl exec -it <pod> -n prod -- sh
kubectl rollout restart deployment/api -n prod
kubectl rollout undo deployment/api -n prod
kubectl top pods -n prod
kubectl port-forward svc/api 8080:80 -n prod
Helm chart 구조
charts/api/
Chart.yaml
values.yaml # 기본값
values-prod.yaml # 환경별 override
templates/
deployment.yaml
service.yaml
ingress.yaml
🤔 의사결정 기준
| 상황 | 도구 |
|---|---|
| 단순 배포 | raw YAML + kustomize |
| Reusable / 환경 다양 | Helm chart |
| 다중 환경 GitOps | Argo CD / Flux |
| 복잡한 cron | Job / CronJob |
| Stateful (DB) | StatefulSet (또는 DB 매니지드) |
| Sidecars (proxy, log) | initContainer / sidecar |
❌ 안티패턴
- Liveness만, Readiness 없음: warmup 안 끝났는데 트래픽.
- Resources 없음: 한 pod 가 노드 장악 / OOM.
- Limit = Request: throttling 심해짐. limit 좀 여유.
- Latest tag: 재현 불가. semver tag.
- Secret YAML 에 평문: SOPS / Sealed Secrets / External Secrets.
- Replicas 1 + PDB minAvailable 1: 노드 drain 못 함.
- maxUnavailable 1 + replicas 2: 50% 다운. 0/1 권장.
- HPA 없음 prod: 트래픽 spike 죽음.
🤖 LLM 활용 힌트
- Probes 3종 + resources + HPA + PDB 항상.
- Helm + Argo CD GitOps.
- ConfigMap 비밀X, Secret 평문X (SOPS).