====== Runbook: Kubernetes ======
**Duration:** ~30 minutes \\
**Role:** DevOps, Platform Engineer \\
**Prerequisite:** kubectl, Kubernetes cluster
Deploy Data Gateway in Kubernetes.
----
===== Workflow =====
flowchart TD
A[Start] --> B[Create namespace]
B --> C[ConfigMap/Secret]
C --> D[Deployment]
D --> E[Service]
E --> F[Ingress]
F --> G[Health Check]
G --> H{OK?}
H -->|Yes| I[Done]
H -->|No| J[kubectl logs]
style I fill:#e8f5e9
style J fill:#ffebee
----
===== 1. Create Namespace =====
kubectl create namespace data-gateway
kubectl config set-context --current --namespace=data-gateway
----
===== 2. ConfigMap for Configuration =====
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gateway-config
namespace: data-gateway
data:
appsettings.json: |
{
"Gateway": {
"Databases": {
"demo": {
"Provider": "sqlite",
"ConnectionString": "Data Source=/app/data/demo.db"
}
}
},
"Logging": {
"LogLevel": {
"Default": "Information"
}
}
}
kubectl apply -f configmap.yaml
----
===== 3. Secret for Credentials =====
# Create secret
kubectl create secret generic gateway-secrets \
--from-literal=DB_PASSWORD='secret123' \
-n data-gateway
Or declaratively:
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: gateway-secrets
namespace: data-gateway
type: Opaque
stringData:
DB_PASSWORD: "secret123"
----
===== 4. Deployment =====
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: data-gateway
namespace: data-gateway
labels:
app: data-gateway
spec:
replicas: 2
selector:
matchLabels:
app: data-gateway
template:
metadata:
labels:
app: data-gateway
spec:
containers:
- name: gateway
image: registry.example.com/data-gateway:v3.0
ports:
- containerPort: 5000
name: http
env:
- name: ASPNETCORE_ENVIRONMENT
value: "Production"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: gateway-secrets
key: DB_PASSWORD
volumeMounts:
- name: config
mountPath: /app/appsettings.json
subPath: appsettings.json
- name: data
mountPath: /app/data
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 5000
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 5000
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: config
configMap:
name: gateway-config
- name: data
persistentVolumeClaim:
claimName: gateway-data
kubectl apply -f deployment.yaml
----
===== 5. PersistentVolumeClaim =====
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gateway-data
namespace: data-gateway
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard # Adjust to cluster
----
===== 6. Service =====
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: data-gateway
namespace: data-gateway
spec:
selector:
app: data-gateway
ports:
- port: 80
targetPort: 5000
protocol: TCP
type: ClusterIP
kubectl apply -f service.yaml
----
===== 7. Ingress =====
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: data-gateway
namespace: data-gateway
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
tls:
- hosts:
- gateway.example.com
secretName: gateway-tls
rules:
- host: gateway.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: data-gateway
port:
number: 80
kubectl apply -f ingress.yaml
----
===== 8. Health Check =====
# Pod status
kubectl get pods -n data-gateway
# Pod logs
kubectl logs -f deployment/data-gateway -n data-gateway
# Port forward for local test
kubectl port-forward svc/data-gateway 5000:80 -n data-gateway
# In new terminal:
curl http://localhost:5000/health
----
===== 9. Checklist =====
| # | Check | Done |
|---|-------|------|
| 1 | Namespace created | [ ] |
| 2 | ConfigMap applied | [ ] |
| 3 | Secret created | [ ] |
| 4 | PVC created | [ ] |
| 5 | Deployment applied | [ ] |
| 6 | Service applied | [ ] |
| 7 | Ingress applied | [ ] |
| 8 | Pods Running | [ ] |
| 9 | Health Check OK | [ ] |
----
===== Kubectl Commands =====
| Command | Description |
|---------|-------------|
| ''kubectl get pods'' | Show pods |
| ''kubectl logs -f '' | Live logs |
| ''kubectl describe pod '' | Pod details |
| ''kubectl exec -it -- sh'' | Shell in pod |
| ''kubectl rollout restart deployment/data-gateway'' | Rolling restart |
| ''kubectl scale deployment/data-gateway --replicas=3'' | Scale |
----
===== Troubleshooting =====
| Problem | Cause | Solution |
|---------|-------|----------|
| ''ImagePullBackOff'' | Image not found | Check registry/tag |
| ''CrashLoopBackOff'' | App won't start | Check ''kubectl logs'' |
| ''Pending'' | No node available | Reduce resources |
| ''0/1 Ready'' | Readiness probe failed | Check probe config |
----
===== HorizontalPodAutoscaler =====
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: data-gateway
namespace: data-gateway
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: data-gateway
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
----
===== Related Runbooks =====
* [[.:docker|Docker]] - Base image
* [[..:monitoring:prometheus|Prometheus]] - Metrics in K8s
* [[..:sicherheit:tls-einrichten|Set Up TLS]] - Cert-Manager
----
<< [[.:docker|<- Docker]] | [[..:start|-> Operator Overview]] >>
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//
{{tag>operator runbook kubernetes k8s deployment}}