Useful command: watch kubectl get pods,services,deployments --all-namespaces -o wide
EXERCISE 1: Create a Kubernetes cluster.
brew install minikube
minikube start --driver docker
minikube status
EXERCISE 2: Deploy Mysql with 3 replicas.
First of all, you want to deploy the mysql database. Deploy Mysql database with 3 replicas and volumes for data persistence. To simplify the process you can use Helm for that.
cd exercise_2/3_bitnami_with_replia
kubectl apply -f sql-replica-pv.yaml
kubectl apply -f sql-replica-pvc.yaml
helm repo add bitnami https://charts.bitnami.com/bitnami
helm search repo bitnami/
helm install mysql bitnami/mysql -f sql-replica.yaml
kubectl exec -it pod/mysql-primary-0 -- /bin/bash
mysql -u <MYSQL_USERNAME> -p <MYSQL_PASSWORD
-> mysql -u dev_user -p passworddev
EXERCISE 3: Deploy your Java Application with 3 replicas.
Deploy your Java application with 3 replicas. With docker-compose, you were setting env_vars on server. In K8s there are own components for that, so create ConfigMap and Secret with the values and reference them in the application deployment config file.
cd docker-exercise
gradle build
Rename generated jar file to: java-mysql-project-1.0-SNAPSHOT.jar
- Create and tag a docker image using existing Dockerfile:
docker build -t <DOCKERHUB_USERNAME>/java_app:1.0 .
- Check if the image got build:
docker images
- Login to Docker Hub:
docker login
- Push Image into your Dockerhub Repository:
docker push <DOCKERHUB_USERNAME>/java-app:1.0
DOCKER_REGISTRY_SERVER=https://index.docker.io/v1/
DOCKER_USER=your docker username
DOCKER_EMAIL=your dockerhub email
DOCKER_PASSWORD= dockerhub pwd
kubectl create secret docker-registry my-registry-key1 \
--docker-server=<DOCKER_REGISTRY_SERVER>
--docker-username=<DOCKERHUB_USERNAME> \
--docker-password=<DOCKERHUB_PASSWORD> \
--docker-email=<DOCKERHUB_EMAIL>
kubectl apply -f mysql-secret.yaml
kubectl apply -f mysql-configmap.yaml
kubectl apply -f deployment.yaml
EXERCISE 4: Deploy phpmyadmin.
kubectl apply -f phpmyadmin.yaml
EXERCISE 5: Deploy ingress controller
We want users to access the application using the IP address and instead use a domain name -> Install Ingress controller in the cluster and configure ingress access for your application.
minikube addons enable ingress
EXERCISE 6: Create Ingress rule.
kubectl apply -f kubectl apply -f java-app-ingress.yaml
This will throw an error:
Error from server (InternalError): error when creating "java-app-ingress.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": failed to call webhook: Post "[...]": dial tcp 10.111.212.254:443: connect: connection refused
As described here: https://medium.com/ci-cd-devops/internal-error-occurred-failed-calling-webhook-validate-nginx-ingress-kubernetes-io-b5008e628e03
you can solve this error with:
kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission
Everything coming from localhost 127.0.0.1 will be redirected to minikube ip
sudo minikube tunnel
map "my-app.com" to "127.0.0.1."
- etc/hosts file will redirect requests from http://my-app.com/ to 127.0.0.1
- minikube tunnel redirects request from 127.0.0.1 to minikube (services).
E.g.
- phpmyadmin service available on http://my-app.com:8081/
- http://my-app.com/ will show team member roles (a picture)
- http://my-app.com/get-data shows list of existing team members
EXERCISE 7: Port-forward for phpmyadmin
This exercise does not make much sense in our scenario because our app is running on minikube/localhost (see exercise 6).
phpMyAdmin Security Concerns: phpMyAdmin is a tool for managing MySQL databases, and it can potentially have security implications if it's exposed to the public internet. By default, it might have vulnerabilities or could be a target for attacks. So, to mitigate these concerns, you choose not to expose it to the public.
Port Forwarding: Instead of exposing phpMyAdmin directly via my-app.com/8081, you configure port forwarding. Port forwarding allows you to access a specific service running inside your Kubernetes cluster from your local machine (localhost) without exposing it to the public internet. This means that phpMyAdmin remains hidden within your cluster, and you can access it securely when needed.
The kubectl port-forward command is used to create a network tunnel between your local machine and a service running inside a Kubernetes cluster:
kubectl port-forward svc/phpmyadmin-service 8081:8081
Now phpmyadmin is not available on my-app.com/8081 anymore but on localhost/8081 (which is the same for us, as mentioned at the beginning of this exercise).