Kubernetes/Kubernetes Workshop/Setting up Infrastructure as Code (IaC) in Kubernetes
Overview
At the end of this module, you should be able to:
- Use a YAML formatted configuration file to run batch applications and services.
- Setup a complex service of web servers, databases, and networking.
- Run services on minikube via a YAML configuration file.
Step 1 - Creating Jobs with YAML
Up to this point, we have done the following to run an application on a Kubernetes cluster:
- Packaged it as a container
- Wrapped the container in a Pod
- Deployed it via the Kubernetes Command Line Interface (CLI)
While using the command line is convenient for learning, experimenting and troubleshooting, the preferred way of doing things is to declare the desired state of your application in a manifest file. Manifest files are written in YAMLand describe what an application should look like. It defines things like which image to use, how many replicas to run, how to perform updates, and more. Behind the scenes, Kubernetes continuously monitors your cluster and compares its actual state to the desired state in the manifest. If a discrepancy is found, Kubernetes takes care of reconciling the situation.
This declarative model is simple and powerful: you just tell Kubernetes what you want, and Kubernetes takes care of the how. This approach is less error-prone and lends itself to version control and reproducible deployments. It is also self-documenting.
In this section, we will work with the pywpchksumbot.py application from Module 1. We start by creating a YAML configuration to run the pywpchksumbot application as a single job:
- Create the following YAML config file and save it as
<filename>.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: pywpchksumbot <== Job name
spec:
template: <== Pod template definition
spec:
containers:
- name: pywpchksumbot
image: <your_username>/<image_name>:<tag>
imagePullPolicy: IfNotPresent
resources: {}
restartPolicy: Never
backoffLimit: 4 <== Number of retries before considering a Job as failed
- Run your YAML script with the following commands:
$ minikube start
$ kubectl apply -f <file-name>.yaml
job.batch/pywpchksumbot created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pywpchksumbot-qsr86 0/1 Completed 0 23s
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
pywpchksumbot 1/1 11s 76s
- Delete all running instances with:
$ kubectl delete job <job_name>
job.batch "pywpchksumbot" deleted
- Alternatively, instead of typing the job name, the YAML file can be used:
$ kubectl delete -f <file-name>.yaml
job.batch "pywpchksumbot" deleted
Step 2 - Cronjobs
A cronjob is a job scheduler on Unix-like operating systems. You will work with a cronjob that runs a program repeatedly with a syntax similar to crond.
- Create a new YAML file. Your YAML file should contain a configuration similar to the snippet below:
apiVersion: batch/v1
kind: CronJob
metadata:
name: cronpywpchksumbot
spec:
schedule: "*/5 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: pywpchksumbot
image: <your_username>/<image_name>:<tag>
imagePullPolicy: IfNotPresent
restartPolicy: OnFailure
- Run your YAML script with the following commands:
$ kubectl create -f <file_name>.yaml
cronjob.batch/cronpywpchksumbot created
$ kubectl get pods
$ kubectl get cronjobs
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
cronpywpchksumbot */5 * * * * False 0 <none> 88s
$ kubectl describe cronjobs <cronjob_name>
- You can change the schedule by editing the YAML file. Delete all running instances with:
$ kubectl delete job <job_name>
job.batch "pywpchksumbot" deleted
- In the line for schedule, you can replace the current value with any time description of your choice. Re-run the script:
$ kubectl apply -f <file_name>.yaml
cronjob.batch/cronpywpchksumbot configured
$ kubectl describe cronjobs <cron_job>
- Check for the schedule:
$ kubectl describe cronjob <cron_job> | grep -i schedule
Schedule: <value in schedule>
Last Schedule Time: Day, Date Month Year Hour:Minute:Seconds +0000
- Delete all running instances:
$ kubectl delete cronjobs --all
cronjob.batch "cronpywpchksumbot" deleted
Note:
- Cronjobs with names longer than 52 characters silently fail to schedule jobs.
- Pods would sometimes get stuck in the Pending state forever.
- The scheduler would crash every 3 hours.
- Flannel’s hostgw backend did not replace outdated route table entries.
- You can study this article to understand how Stripe makes use of Cronjobs.
Step 3 - Deploying a Simple Web Server
In this section, you will deploy a web server using a YAML configuration file. The Docker image is that of the apache container you created in Module 2.
- Create a new YAML file using the editor of your choice:
apiVersion: apps/v1
kind: Deployment
metadata:
name: ndeploy
labels:
app: ndeploy
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app: ndeploy
template:
metadata:
labels:
app: ndeploy
spec:
containers:
- name: ndeploy
image: <your_username>/<image_name>:<tag>
imagePullPolicy: Always
Note:
- Add a label app to the Deployment and the resulting Pods (the template stanza).
- Set the replicas to 1.
- Always pull the image from DockerHub, whether it is present in your local Docker or containerd context. Do this to ensure you have the right image. However, pulling images from Docker Hub will consume bandwidth every time you start a new Pod.
- Run your YAML script with the following commands:
$ kubectl create -f <file_name>.yaml
deployment.apps/ndeploy created
$ kubectl get pods
$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
<name> 1/1 1 1 8s
$ kubectl describe deployment <deployment_name>
Note: The value of <deployment_name>
should be the same as the value in the previous YAML file.
- Create a new YAML file, using your favorite edit, to define your Service(s). Define the necessary Service(s). The Service will expose the Pod in the Deployment above and will use the app label in the Deployment and match it via the selector in the Service description:
kind: Service
apiVersion: v1
metadata:
name: ndeploy
spec:
selector:
app: ndeploy
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 80
- Run your YAML script with the following commands:
$ kubectl create -f <filename>.yaml
service/ndeploy created
$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ndeploy NodePort 10.103.127.158 <pending> 80:30818/TCP 3m3s
$ kubectl describe service <service_name>
$ minikube service <service_name> --url
http://192.168.49.2:30818
- Navigate to the URL with a browser or make a curl request on the machine you are running minikube on.
- Delete all running instances:
$ kubectl delete service <service_name>
$ kubectl delete deployment <deployment_name>
Hands-on Demo: Deploying a Production Web Server
In this section, you will run a program that randomly selects and prints a book from a MySQL database (you can see it as a book recommendation server). This service will require a database server, two web servers, and a load balancer to make requests between them. There is an ongoing discussion around using k8s to host databases or stateful services. Still, for a non-production workload such as your demo application, k8s will work just fine.
The outlined steps below will help you setup and deploy a production ready web server:
Note: In this case, we won’t be using a Dockerfile, but will create the container manually.
- Pull and run the MariaDB Docker container and build the database.
$ docker pull mariadb
$ docker run --name=<container-name> -p 3306:3306 -e MYSQL_ROOT_PASSWORD=password -d mariadb
3e8f39………………………….
- Inside the container, download the books which you would use in building your database:
$ docker ps -a
$ docker exec -it <containerid> /bin/bash
$ apt-get update
$ apt-get install curl
$ curl -o /var/lib/mysql/books.csv https://gist.githubusercontent.com/jaidevd/23aef12e9bf56c618c41/raw/c05e98672b8d52fa0cb94aad80f75eb78342e5d4/books.csv
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 12151 100 12151 0 0 62264 0 --:--:-- --:--:-- --:--:-- 62634
- Run the database in a safe mode:
$ mysqld_safe --skip-grant-tables &
- In a new terminal, login as root user. Type in any random password at the prompt.
$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
……………………………………………………….
MariaDB [(none)]>
- Create your database:
MariaDB [books]> create database books;
Query OK, 1 row affected
MariaDB [books]> use books;
Database changed
MariaDB [books]> create table books ( title varchar(80), author varchar(80), genre varchar(30), pages int, publisher varchar(60) );
Query OK, 0 rows affected
MariaDB [books]> load data infile '/var/lib/mysql/books.csv' ignore into table books fields terminated by ',' enclosed by '"' lines terminated by '\n' ignore 1 rows;
Query OK, 211 rows affected, 1 warning (0.009 sec)
Records: 211 Deleted: 0 Skipped: 0 Warnings: 1
MariaDB [books]> create user 'bookdb'@'%' identified by 'bookdbpass';
Query OK, 0 rows affected
MariaDB [books]> grant all privileges on books.* to 'bookdb'@'%';
Query OK, 0 rows affected
MariaDB [books]> exit
Bye
- Test your access as user bookdb:
$ mysql -u bookdb -pbookdbpass books
MariaDB [books]>
$ select count(*) from books;
+----------+
| count(*) |
+----------+
| 211 |
+----------+
1 row in set (0.008 sec)
$ select * from books;
$ exit
Bye
- Exit the container and save the Docker image:
$ exit
$ docker commit --change='CMD ["/usr/bin/mysqld_safe"]' --change='EXPOSE 3306' <containerid> bookdb
- After the container runs to your satisfaction, kill the container:
$ docker ps
$ docker kill <containerid>
To create a web server that will access the database, you will create the following:
- A .php file.
- A Dockerfile to create the web server docker image.
- A bookdbdeployment.yml file to run the mariadb database.
- A bookdbservice.yml file to make MariaDB accessible under the name needed for the app - bookdbserver (internally in k8s this works by registering the service name with cluster local DNS service).
- A bookdbapp.yml deployment file
- A bookdbapp.yml service file
index.php file:
<?php
$conn = new mysqli("bookdbserver", "bookdb", "bookdbpass", "books");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT count(*) AS total FROM books";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$count = $result->fetch_assoc();
echo $count['total'];
$offset = rand(1,$count['total']-1);
$sql2 = "SELECT title, author from books LIMIT ".$offset.",1";
$result2 = $conn->query($sql2);
if ($result2->num_rows > 0) {
echo "<HTML><BODY><TABLE>";
// output data of each row
while($row = $result2->fetch_assoc()) {
echo "<TR><TD>".$row['title']."</TD><TD>".$row['author']."</TD></TR>";
}
echo "</TABLE></BODY></HTML>";
}
} else {
echo "0 results";
}
$conn->close();
?>
Dockerfile:
FROM ubuntu
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN apt-get install -y apache2 php php-mysql libapache2-mod-php
COPY index.php /var/www/html
EXPOSE 80
CMD ["apachectl","-DFOREGROUND"]
- Build your image:
$ docker build . --tag=bookdbapp
$ docker run -p 80:80 --link <docker-container-name-from-step-1>:bookdpapp bookdpapp
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3…………………………...
You should now be able to access the application via URL or the IP that your container runs on (run docker inspect bridge to confirm). You should now be able to run these images on minikube and add a second web server and a load-balancing service.
- Tag and push the images to Docker Hub:
docker tag <imageid> <userid>/bookdb
docker tag <imageid> <userid>/bookdbapp
docker push <userid>/bookdb
docker push <userid>/bookdbapp
- Using a text editor of your choice, create the following scripts:
bookdb.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: bookdb
labels:
app: bookdb
spec:
replicas: 1
strategy:
type: RollingUpdate
selector:
matchLabels:
app: bookdb
template:
metadata:
labels:
app: bookdb
spec:
containers:
- name: bookdb
image: <userid>/bookdb:latest
imagePullPolicy: Always
bookdbdeployment.yaml:
kind: Service
apiVersion: v1
metadata:
name: bookdbserver
spec:
selector:
app: bookdb
ports:
- protocol: TCP
port: 3306
targetPort: 3306
bookdbappdeployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
name: bookdbapp
labels:
app: bookdbapp
spec:
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
app: bookdbapp
template:
metadata:
labels:
app: bookdbapp
spec:
containers:
- name: bookdbapp
image: <userid>/bookdbapp:latest
imagePullPolicy: Always
bookdbappservice.yaml:
kind: Service
apiVersion: v1
metadata:
name: bookdbapp
spec:
selector:
app: bookdbapp
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 80
- Run your Service:
$ minikube start
$ kubectl create -f bookdbdeployment.yaml
service/bookdbserver created
$ kubectl create -f bookdbservice.yaml
deployment.apps/bookdbapp created
$ kubectl create -f bookdbappdeployment.yaml
$ kubectl create -f bookdbappservice.yaml
- Test your minikube server:
$ minikube service bookdbapp --url
$ curl <URL>
Note: Add index.php
to the URL if you are getting the apache setup page.
- Now that you have some applications running, you can check out the status of the Deployments and Services via the minikube dashboard.
- After the container runs to your satisfaction, kill the container:
$ kubectl delete service bookdbapp bookdbserver
$ kubectl delete deployment bookdbapp bookdb
$ minikube stop
Next Module
Module 4: Autoscaling in Kubernetes