Skip to content

JuliaFoerster/10_K8S

Repository files navigation

K8S

Useful command: watch kubectl get pods,services,deployments --all-namespaces -o wide

EXERCISE 1: Create a Kubernetes cluster.
brew install minikube
minikube start --driver docker
minikube status
EXERCISE 2: Deploy Mysql with 3 replicas.
First of all, you want to deploy the mysql database. Deploy Mysql database with 3 replicas and volumes for data persistence. To simplify the process you can use Helm for that.

Execute deployment from directory exercise_2/3_bitnami_with_replia:

cd exercise_2/3_bitnami_with_replia

1. Use YAML files to create Volume and VolumeClaim

kubectl apply -f sql-replica-pv.yaml
kubectl apply -f sql-replica-pvc.yaml

2. Use Helm Charts to create 3 SQL Instances using peristant volumes

helm repo add bitnami https://charts.bitnami.com/bitnami
helm search repo bitnami/
helm install mysql bitnami/mysql -f sql-replica.yaml

3. Check if pods run as expected:
Enter pod

kubectl exec -it pod/mysql-primary-0 -- /bin/bash

DB login

mysql -u <MYSQL_USERNAME> -p <MYSQL_PASSWORD
-> mysql -u dev_user -p passworddev

EXERCISE 3: Deploy your Java Application with 3 replicas.
Deploy your Java application with 3 replicas. With docker-compose, you were setting env_vars on server. In K8s there are own components for that, so create ConfigMap and Secret with the values and reference them in the application deployment config file.
Execute deployment from directory k8s
Create docker image from Java App and push it into your DockerHub Repository.

cd docker-exercise
gradle build

Rename generated jar file to: java-mysql-project-1.0-SNAPSHOT.jar

  • Create and tag a docker image using existing Dockerfile: docker build -t <DOCKERHUB_USERNAME>/java_app:1.0 .
  • Check if the image got build: docker images
  • Login to Docker Hub: docker login
  • Push Image into your Dockerhub Repository: docker push <DOCKERHUB_USERNAME>/java-app:1.0
1. Create Key (login to Registry and create Secret in K8S)
DOCKER_REGISTRY_SERVER=https://index.docker.io/v1/
DOCKER_USER=your docker username
DOCKER_EMAIL=your dockerhub email
DOCKER_PASSWORD= dockerhub pwd

kubectl create secret docker-registry my-registry-key1 \
--docker-server=<DOCKER_REGISTRY_SERVER>
--docker-username=<DOCKERHUB_USERNAME> \
--docker-password=<DOCKERHUB_PASSWORD> \
--docker-email=<DOCKERHUB_EMAIL>
2. Execute following commands

kubectl apply -f mysql-secret.yaml
kubectl apply -f mysql-configmap.yaml
kubectl apply -f deployment.yaml

EXERCISE 4: Deploy phpmyadmin.
1. Create deployment yaml file for phpmyadmin instance and deploy:

kubectl apply -f phpmyadmin.yaml

EXERCISE 5: Deploy ingress controller

We want users to access the application using the IP address and instead use a domain name -> Install Ingress controller in the cluster and configure ingress access for your application.

Create Controller

minikube addons enable ingress

EXERCISE 6: Create Ingress rule.
1. Write Routing Rule and apply it to cluster

kubectl apply -f kubectl apply -f java-app-ingress.yaml

This will throw an error:
Error from server (InternalError): error when creating "java-app-ingress.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": failed to call webhook: Post "[...]": dial tcp 10.111.212.254:443: connect: connection refused

As described here: https://medium.com/ci-cd-devops/internal-error-occurred-failed-calling-webhook-validate-nginx-ingress-kubernetes-io-b5008e628e03 you can solve this error with:

kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission

2. Starting minikube tunnel

Everything coming from localhost 127.0.0.1 will be redirected to minikube ip

sudo minikube tunnel

3. Ensure your /etc/hosts file contains the correct entry:

map "my-app.com" to "127.0.0.1."

4. Check if App availabe via Browser:
  1. etc/hosts file will redirect requests from http://my-app.com/ to 127.0.0.1
  2. minikube tunnel redirects request from 127.0.0.1 to minikube (services).
    E.g.
    - phpmyadmin service available on http://my-app.com:8081/
    - http://my-app.com/ will show team member roles (a picture)
    - http://my-app.com/get-data shows list of existing team members
EXERCISE 7: Port-forward for phpmyadmin

This exercise does not make much sense in our scenario because our app is running on minikube/localhost (see exercise 6).

phpMyAdmin Security Concerns: phpMyAdmin is a tool for managing MySQL databases, and it can potentially have security implications if it's exposed to the public internet. By default, it might have vulnerabilities or could be a target for attacks. So, to mitigate these concerns, you choose not to expose it to the public.

Port Forwarding: Instead of exposing phpMyAdmin directly via my-app.com/8081, you configure port forwarding. Port forwarding allows you to access a specific service running inside your Kubernetes cluster from your local machine (localhost) without exposing it to the public internet. This means that phpMyAdmin remains hidden within your cluster, and you can access it securely when needed.

The kubectl port-forward command is used to create a network tunnel between your local machine and a service running inside a Kubernetes cluster:

kubectl port-forward svc/phpmyadmin-service 8081:8081

Now phpmyadmin is not available on my-app.com/8081 anymore but on localhost/8081 (which is the same for us, as mentioned at the beginning of this exercise).

EXERCISE 8: ToDo Create Helm Chart for Java App

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published