https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Mon, 15 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/kubernetes/2026-06-15-building-database-operator-walkthrough.en https://www.youngju.dev/blog/kubernetes/2026-06-15-building-database-operator-walkthrough.en A code-driven walkthrough of solving the hard parts of stateful database operations with a reconcile loop. We cover CR spec design, reconciling StatefulSet/Service/PVC, periodic backups, failover and leader-election concepts, sequential rolling upgrades, exposing health via status, and observability. We reference existing Operators while weighing the trade-offs and pitfalls of building your own. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatordatabasekubebuildercontroller-runtimestatefulset https://www.youngju.dev/blog/kubernetes/2026-06-15-building-database-operator-walkthrough.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-building-database-operator-walkthrough.ja ステートフルなデータベース運用の難しさをreconcileループで解いていく過程をコードで追います。CRスペック設計からStatefulSet・Service・PVCの調整、定期バックアップ、フェイルオーバーとリーダー選出の概念、順次ローリングアップグレード、statusによるヘルス公開と観測までを扱います。既存Operatorを参考にしつつ自作のトレードオフと落とし穴も押さえます。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatordatabasekubebuildercontroller-runtimestatefulset https://www.youngju.dev/blog/kubernetes/2026-06-15-building-database-operator-walkthrough https://www.youngju.dev/blog/kubernetes/2026-06-15-building-database-operator-walkthrough 스테이트풀 데이터베이스 운영의 어려움을 reconcile 루프로 풀어내는 과정을 코드로 따라갑니다. CR 스펙 설계부터 StatefulSet·Service·PVC 조정, 주기적 백업, 페일오버와 리더 선출 개념, 순차 롤링 업그레이드, status 헬스 노출과 관측까지 다룹니다. 기성 Operator를 참고하되 직접 구현의 트레이드오프와 함정도 짚습니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatordatabasekubebuildercontroller-runtimestatefulset https://www.youngju.dev/blog/kubernetes/2026-06-15-kubebuilder-first-operator-tutorial.en https://www.youngju.dev/blog/kubernetes/2026-06-15-kubebuilder-first-operator-tutorial.en Build a working Operator end to end with Kubebuilder. Covers prerequisites, the init/create api flow, defining API types, the full reconcile code that manages a Deployment and Service, RBAC markers, CRD generation, local run vs. cluster deploy, the testing concept, and common mistakes. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kuberneteskubebuilderoperatorcontroller-runtimegotutorial https://www.youngju.dev/blog/kubernetes/2026-06-15-kubebuilder-first-operator-tutorial.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-kubebuilder-first-operator-tutorial.ja Kubebuilder で実際に動く Operator を最初から最後まで作ります。事前準備、init/create api の流れ、API 型の定義、Deployment と Service を調整する reconcile の全コード、RBAC マーカー、CRD 生成、ローカル実行とクラスターデプロイ、テストの概念、よくある間違いまで扱います。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kuberneteskubebuilderoperatorcontroller-runtimegotutorial https://www.youngju.dev/blog/kubernetes/2026-06-15-kubebuilder-first-operator-tutorial https://www.youngju.dev/blog/kubernetes/2026-06-15-kubebuilder-first-operator-tutorial Kubebuilder로 실제 동작하는 Operator를 처음부터 끝까지 만듭니다. 사전 준비, init/create api 흐름, API 타입 정의, Deployment·Service를 조정하는 reconcile 전체 코드, RBAC 마커, CRD 생성, 로컬 실행과 클러스터 배포, 테스트 개념, 흔한 실수까지 다룹니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kuberneteskubebuilderoperatorcontroller-runtimegotutorial https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-crd-design-versioning.en https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-crd-design-versioning.en A CustomResourceDefinition is an API contract that outlives the code around it. This deep dive walks through OpenAPI v3 schema design and CEL validation, multi-version strategy and storage versions, conversion webhook implementation, and backward compatibility and migration to build CRDs you can operate for years. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorcrdversioningconversion-webhookkubebuildercel https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-crd-design-versioning.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-crd-design-versioning.ja CustomResourceDefinition は周囲のコードよりも長く生き残る API 契約です。本記事では OpenAPI v3 スキーマ設計と CEL 検証、多バージョン戦略と storage version、conversion webhook の実装、後方互換とマイグレーションまで、長年運用できる CRD を作るための全工程を深く解説します。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorcrdversioningconversion-webhookkubebuildercel https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-crd-design-versioning https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-crd-design-versioning CustomResourceDefinition은 한 번 설계하면 오래 살아남는 API 계약입니다. OpenAPI v3 스키마 설계와 CEL 검증, 다중 버전 전략과 storage version, conversion webhook 구현, 하위호환과 마이그레이션까지 운영 가능한 CRD를 만드는 전 과정을 깊이 있게 다룹니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorcrdversioningconversion-webhookkubebuildercel https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-finalizers-webhooks-status.en https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-finalizers-webhooks-status.en This post covers the three topics that move a Kubernetes Operator from a demo to production: cleaning up external resources with Finalizers, Validating and Mutating Admission Webhooks, and designing the Status subresource with the standard Conditions pattern. It includes hands-on Go code, common pitfalls, and testing strategies based on controller-runtime v0.24.x and the latest Kubebuilder. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorfinalizerwebhookkubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-finalizers-webhooks-status.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-finalizers-webhooks-status.ja Kubernetes Operator をデモから本番品質へ引き上げる 3 つの中心テーマ、すなわち Finalizer による外部リソースのクリーンアップ、Validating・Mutating Admission Webhook、そして Status サブリソースと Conditions 標準の設計を解説します。controller-runtime v0.24.x と最新の Kubebuilder を前提に、実践的な Go コード、よくある落とし穴、テスト戦略までまとめます。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorfinalizerwebhookkubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-finalizers-webhooks-status https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-finalizers-webhooks-status Kubernetes Operator를 프로덕션 수준으로 끌어올리는 세 가지 핵심 주제인 Finalizer를 통한 외부 리소스 정리, Validating·Mutating Admission Webhook, 그리고 Status 서브리소스와 Conditions 표준 설계를 다룹니다. controller-runtime v0.24.x와 Kubebuilder 최신 버전 기준의 실전 Go 코드와 함정, 테스트 전략까지 정리합니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorfinalizerwebhookkubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-security-rbac-hardening.en https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-security-rbac-hardening.en An Operator runs cluster-wide with powerful privileges, so a single compromise can endanger the whole cluster. This article covers Operator security end to end — generating least-privilege RBAC with markers, choosing Role versus ClusterRole, securing metrics after kube-rbac-proxy removal, webhook TLS, preventing privilege escalation, multi-tenant isolation, image signing and SBOM, and Secret handling and audit. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorrbacsecuritysupply-chainmulti-tenancykubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-security-rbac-hardening.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-security-rbac-hardening.ja Operator はクラスタ全体で強力な権限を持って動作するため、一度侵害されるとクラスタ全体が危険にさらされます。本記事では、RBAC マーカーによる最小権限の生成、Role と ClusterRole の選択基準、kube-rbac-proxy 廃止後のメトリクス保護、Webhook の TLS、権限昇格の防止、マルチテナント分離、イメージ署名と SBOM、Secret の取り扱いと監査まで、Operator セキュリティ全体を深く扱います。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorrbacsecuritysupply-chainmulti-tenancykubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-security-rbac-hardening https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-security-rbac-hardening Operator는 클러스터 전역에서 강력한 권한으로 동작하기 때문에 한 번 탈취되면 클러스터 전체가 위험해집니다. RBAC 마커로 최소권한을 생성하는 방법, Role과 ClusterRole 선택 기준, kube-rbac-proxy 제거 이후의 메트릭 보안, 웹훅 TLS, 권한 상승 방지, 멀티테넌시 격리, 이미지 서명과 SBOM, Secret 처리와 감사까지 Operator 보안 전반을 깊이 있게 다룹니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorrbacsecuritysupply-chainmulti-tenancykubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-testing-olm-distribution.en https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-testing-olm-distribution.en A deep dive into testing and distributing Kubernetes Operators safely. Covers the test pyramid (unit reconcile, envtest, e2e), OLM concepts (CSV, bundle, catalog), upgrade graphs, least-privilege RBAC, multi-tenant install modes, and a production checklist with working code. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatortestingenvtestolmkubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-testing-olm-distribution.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-testing-olm-distribution.ja Kubernetes Operator を安全にテストして配布する方法を解説します。テストピラミッド(unit reconcile・envtest・e2e)から OLM の CSV・バンドル・カタログ、アップグレードグラフ、最小権限 RBAC、マルチテナントのインストールモード、本番チェックリストまでコードとともに整理します。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatortestingenvtestolmkubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-testing-olm-distribution https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-testing-olm-distribution Kubernetes Operator를 안전하게 테스트하고 배포하는 방법을 다룹니다. 테스트 피라미드(unit reconcile·envtest·e2e)부터 OLM의 CSV·번들·카탈로그, 업그레이드 그래프, 최소권한 RBAC, 멀티테넌트 설치 모드, 프로덕션 체크리스트까지 코드와 함께 정리합니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatortestingenvtestolmkubebuilder https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-upgrade-migration-production.en https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-upgrade-migration-production.en A complete walkthrough of safely upgrading an Operator in production. It covers rolling the controller Deployment with leader election, multi-version CRDs and conversion webhooks, phased rollout of managed workloads, rollback strategy, large-scale CR migration, and incident response, all with working code. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorkubebuildercontroller-runtimecrdproduction https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-upgrade-migration-production.ja https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-upgrade-migration-production.ja Operator を本番環境で安全にアップグレードする全体の流れを解説します。リーダー選出を伴うコントローラ Deployment のローリング、マルチバージョン CRD と conversion webhook、管理ワークロードの段階的ロールアウト、ロールバック戦略、大規模 CR マイグレーション、障害対応までを動作するコードとともにまとめました。 Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorkubebuildercontroller-runtimecrdproduction https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-upgrade-migration-production https://www.youngju.dev/blog/kubernetes/2026-06-15-operator-upgrade-migration-production Operator를 프로덕션에서 안전하게 업그레이드하는 전체 흐름을 다룹니다. 컨트롤러 Deployment 롤링과 리더 선출, 다중 버전 CRD와 conversion webhook, 관리 워크로드의 단계적 롤아웃, 롤백 전략, 대규모 CR 마이그레이션, 그리고 장애 대응까지 working code와 함께 정리했습니다. Mon, 15 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) kubernetesoperatorkubebuildercontroller-runtimecrdproduction