Since Podman is not attached to the Docker registry by default, you also have to specify this in Dockerfiles.
#+begin_src docker
FROM docker.io/alpine
#+end_src
You can make Podman search through DockerHub by setting it as one of the fallback registries.
Just set =unqualified-search-registries= from your container configuration (see =containers-registries.conf.5= manual page for more details).
#+begin_src toml
unqualified-search-registries = ['docker.io']
#+end_src
Don't forget to login to DockerHub (e.g., ~podman login docker.io~).
* Trade-offs for monoliths and microservices
From the early stages of application development, it is fundamental to understand the requirements and available resources.
Overall, these will contour the architecture decisions.
Imagine this scenario: you are part of the team that needs to outline the structure of a centralized system to book flight tickets for different airlines.
At this stage, the clients require the front-end(UI), payment, and customer functionalities to be designed.
Also, these are the individual requirements of each airline:
- Airline A - payments should be allowed only through PayPal
- Airline B - payments should be disabled (bookings will be exclusively in person or via telephone)
- Airline C - payments should be allowed to use PayPal and debit cards
Using the above requirements, outline the application architecture.
Also, elaborate your reasoning on choosing a microservice or monolith based approach.
** Solution
Considering that the airlines has an overlap of use cases particularly with Airline A and C both allowing Paypal, we're leaning into considering a microservice architecture.
Each component in the service can then be configured individually by the development team of each airline.
We could also take in the factor if one of the airline changes its requirements, we would only have to inspect one component.
Having an monolith would be nice that all of the requirements of the airlines is wrapped in one package but if one team would have to maintain it, it would require them to go through the entire stack of each airline.
In this case, they would have to do it three times.
In my opinion, microservices would be a better choice.
Here's the summarized outline of the application design we're going to develop.
- Each component of the application would have to be stored with their own repository.
- The front-end can be developed in parallel as we prioritize the payment system.
We can then improve it as we develop the other and ideally make it easy for the clients to modify it for their own needs.
- The payment system can then be configured to integrate with different services or be disabled entirely.
- Set up individual pipelines for each component as we can test them individually at different pace.
* Endpoints for an application status
This exercise can be located in the Lesson 1 exercise repo at =exercises/python-helloworld=.
Extend the Python Flask application with /status and /metrics endpoints, considering the following requirements:
- Both endpoints should return an HTTP 200 status code
- Both endpoints should return a JSON response e.g. ={"user": "admin"}=. (Note: the JSON response can be hardcoded at this stage)
- The =/status= endpoint should return a response similar to this example: =result: OK - healthy=
- The =/metrics= endpoint should return a response similar to this example: =data: {UserCount: 140, UserCountActive: 23}=
** Solution
For the prerequisites, you can just install Flask and you're mostly done.
For future references, here are the version of the tools I've used at the time.
Create the Docker image for the Go web application and push it to DockerHub, considering the following requirements:
Dockerfile:
- use the =golang:alpine= base image
- set the working directory to =/go/src/app=
- make sure to copy all the files from the current directory to the container working directory (e.g. =/go/src/app=)
- to build the application, use =go build -o helloworld= command, where =-o helloworld= will create the binary of the application with the name =helloworld=
- the application should be accessible on port =6111=
- and lastly, the command to start the container is to invoke the binary created earlier, which is =./helloworld=
Docker image:
- should have the name =go-helloworld=
- should have a valid tag, and a version with a major, minor, and patch included
- should be available in DockerHub, under your username e.g. =pixelpotato/go-helloworld=
Docker container:
- should be running on your local machine, by referencing the image from the DockerHub with a valid tag e.g. =pixelpotato/go-helloworld:v5.12.3=
** First working solution
This should be simple enough as we can see from the file structure.
#+begin_src
go-helloworld
├── main.go
└── README.md
#+end_src
As for the Dockerfile, I've made the following:
#+begin_src docker
FROM docker.io/golang:alpine
COPY . /go/src/app
WORKDIR /go/src/app
RUN go build -o helloworld main.go
CMD ["./helloworld"]
#+end_src
As for the requirements of the images and running the containerized app, we'll summarize it with the following Bash script.
# Create another image to push it into the Docker registry with the proper naming.
podman tag "$IMG" "$REMOTE_IMG"
# Push the image to the Docker registry.
podman push "$REMOTE_IMG"
#+end_src
** Findings after solution
I guess my solution is close enough, I didn't realize the application should be configured its port to be exposed already in the Dockerfile and not when running the containerized app.
Whoops!
Apparently, there is the [[https://docs.docker.com/engine/reference/builder/#expose][=EXPOSE=]] instruction, just requiring a port number.
I also tested the Dockerfile from the solution and it still gave me an error from build time.
I also didn't realize the solution is pretty much how the instructions laid it out.
At the end, it should look like the following code.
#+begin_src docker
FROM docker.io/golang:alpine
WORKDIR /go/src/app
ADD . .
RUN go build -o helloworld main.go
EXPOSE 6111
CMD ["./helloworld"]
#+end_src
* Deploy your first Kubernetes cluster
Now you should have a Kubernetes cluster up and running.
Examine the cluster and identity of the following details.
From the kubeconfig, identify:
- the IP and port of the API server
- authentication mechanism
From the cluster using kubectl commands to identify:
- endpoints of the control plane and add-ons
- amount of nodes
- node internal IP
- the pod CIDR allocate to the node
** Solution
From my setup with the given Vagrantfile from the lesson repo — i.e., after installing k3s in the virtual machine — you can inspect the kubeconfig located at =/etc/rancher/k3s/k3s.yaml=.
The IP and the port of the API server is visible from there.
In my case, it is 127.0.0.1 at port 6443.
As for the authentication mechanism, I'm not sure.
Both the cluster and the user have an attached certificate data.
It seems to be using matching certificate data from the user and the cluster.
As for getting cluster-related information.
- Getting the endpoints of the control plane and the add-ons through ~kubectl cluster-info~.
- One way of getting the amount of nodes is through ~kubectl get nodes~ where it will print the nodes and their information one line at a time.
- For the node's internal IP and the pod CIDR, both of them can be extracted with ~kubectl describe node ${NODE_NAME}~.
** Findings after solution
I mostly got it right.
It turns out there are [[https://kubernetes.io/docs/reference/access-authn-authz/authentication/][different methods for authentication]].
While the solution gave it as user and passwords, the kubeconfig I have seem to be using keys and certificates. [fn:: I'm using the default installation from k3s for future references.]
Also, you can get the configuration of the cluster with ~kubectl config view~.
The command used to create the starting template is ~kubectl create deployment nginx-alpine --namespace=demo --replicas=3 --image=nginx:alpine --dry-run=client --output=yaml~.
The resulting YAML output is from running the command (i.e., ~kubectl create configmap nginx-version --from-literal=version=alpine --dry-run=client --output=yaml --namespace=demo~).
Create a new GitHub Actions in the =/.github/workflows/docker-build.yml= that will build and push the Docker image for a Python web application, with the following requirements:
- Image name: =python-helloworld=
- Tag: =latest=
- Platforms: =platforms: linux/amd64,linux/arm64=
GitHub marketplace has a rich suite of upstream actions that can be easily integrated within a repository.
One of the upstream action is [[https://github.com/marketplace/actions/build-and-push-docker-images][Build and Push Docker images]], which can be used to implement the required CI task.
The above GitHub action uses DockerHub Tokens and encrypted GitHub secrets to login into DockerHub and to push new images.
To set up these credentials refer to the following resources:
After creating a DockerHub access token (that serves as an alternative to passwords) and creating a GitHub encrypted secret, the workflow should now work.
Using the manifests provided in the course repository, create a helm chart (Chart.yaml, templates, values.yaml) that will template the following parameters:
- namespace name
- replica count
- image:
+ name
+ tag
+ pull policy
- resources
+ requests for CPU and memory
- service
+ port
+ type (e.g. ClusterIP)
- configmap data (e.g. the key-value pair)
The chart details should be as following:
- name: nginx-deployment
- version: 1.0.0
- keywords: nginx
Once the Helm chart is available make sure that a default values.yaml file is available. This values file will be used as a default input file for the Helm chart. The values.yaml file should have the following specification:
- values.yaml
+ namespace name: demo
+ replica count: 3
+ image repository: nginx
+ image tag: alpine
+ image pull policy: IfNotPresent
+ resources: CPU 50m and memory 256Mi
+ service type: ClusterIP
+ service port: 8111
+ configmap data: "version: alpine"
Next, create 2 values files with the following specifications:
- values-staging.yaml
+ namespace name: staging
+ replica count: 1
+ image repository: nginx
+ image tag: 1.18.0
+ resources: CPU 50m and memory 128Mi
+ configmap data: "version: 1.18.0"
- values-prod.yaml
+ namespace name: prod
+ replica count: 2
+ image repository: nginx
+ image tag: 1.17.0
+ resources: CPU 70m and memory 256Mi
+ service port: 80
+ configmap data: "version: 1.17.0"
Finally, using the values files above (values-prod, values-staging), create 2 ArgoCD application, nginx-staging and nginx-prod respectively. These should deploy the nginx Helm Chart referencing each input values files.
** Solution
With the given manifests, we'll have to create a Helm package (or a Chart).
To deploy it in ArgoCD, we'll just have to specify it in the ArgoCD manifest.
Since ArgoCD is heavily a GitOps tool, we have to put the files in a Git repo.
For now, let's assume the course repo as ours. [fn:: Be sure to be honest to compare with the solutions from the repo.]
Just change the Git repo URL and the path if you have your own version.
Additionally, the exercise requires to deploy two ArgoCD applications: one for staging (i.e., =nginx-staging=) and production version (i.e., =nginx-prod=) of the app.
