====== Runbook: Kubernetes ======
**Duration:** ~30 minutes \\
**Role:** DevOps, Platform Engineer \\
**Prerequisites:** kubectl, Kubernetes cluster

Deploying the Data Gateway to Kubernetes.
----
===== Workflow =====
<mermaid>
flowchart TD
    A[Start] --> B[Create namespace]
    B --> C[ConfigMap/Secret]
    C --> D[Deployment]
    D --> E[Service]
    E --> F[Ingress]
    F --> G[Health Check]
    G --> H{OK?}
    H -->|Yes| I[Done]
    H -->|No| J[kubectl logs]
    style I fill:#e8f5e9
    style J fill:#ffebee
</mermaid>
----
===== 1. Create the namespace =====
<code bash>
kubectl create namespace data-gateway
kubectl config set-context --current --namespace=data-gateway
</code>
----
===== 2. ConfigMap for configuration =====
<code yaml>
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: gateway-config
  namespace: data-gateway
data:
  appsettings.json: |
    {
      "Gateway": {
        "Databases": {
          "demo": {
            "Provider": "sqlite",
            "ConnectionString": "Data Source=/app/data/demo.db"
          }
        }
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information"
        }
      }
    }
</code>
<code bash>
kubectl apply -f configmap.yaml
</code>
----
===== 3. Secret for credentials =====
<code bash>
# Create the secret
kubectl create secret generic gateway-secrets \
  --from-literal=DB_PASSWORD='secret123' \
  -n data-gateway
</code>
Or declaratively:
<code yaml>
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gateway-secrets
  namespace: data-gateway
type: Opaque
stringData:
  DB_PASSWORD: "secret123"
</code>
----
===== 4. Deployment =====
<code yaml>
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: data-gateway
  namespace: data-gateway
  labels:
    app: data-gateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: data-gateway
  template:
    metadata:
      labels:
        app: data-gateway
    spec:
      containers:
        - name: gateway
          image: registry.example.com/data-gateway:v3.0
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gateway-secrets
                  key: DB_PASSWORD
          volumeMounts:
            - name: config
              mountPath: /app/appsettings.json
              subPath: appsettings.json
            - name: data
              mountPath: /app/data
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: gateway-config
        - name: data
          persistentVolumeClaim:
            claimName: gateway-data
</code>
<code bash>
kubectl apply -f deployment.yaml
</code>
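The Deployment above sets no security context, so the container runs with the image's default user and a writable root filesystem. A hardened variant as a strategic-merge patch follows; it is an added example, not part of the original runbook. It assumes the image can run as a non-root user (UID/GID 10001 is a constructed value), that the app writes only to ''/app/data'' and ''/tmp'', and that it never calls the Kubernetes API; the file name ''hardening-patch.yaml'' is hypothetical.

```yaml
# hardening-patch.yaml (added example; file name is hypothetical)
# Assumption: the image works as a non-root user; UID/GID 10001 is a constructed value.
spec:
  template:
    spec:
      # Assumption: the gateway never talks to the Kubernetes API,
      # so no service account token needs to be mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        runAsGroup: 10001
        fsGroup: 10001          # lets the non-root user write to the gateway-data PVC
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: gateway         # merged by name into the existing container
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: tmp         # writable scratch space, since the root FS is read-only
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
```

Apply it with ''kubectl patch deployment data-gateway -n data-gateway --patch-file hardening-patch.yaml'', or merge the fields into ''deployment.yaml''. Container port 5000 is unprivileged, so dropping all capabilities does not prevent the app from binding it.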
----
===== 5. PersistentVolumeClaim =====
<code yaml>
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gateway-data
  namespace: data-gateway
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: standard  # Adjust to the cluster
</code>
----
===== 6. Service =====
<code yaml>
# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  selector:
    app: data-gateway
  ports:
    - port: 80
      targetPort: 5000
      protocol: TCP
  type: ClusterIP
</code>
<code bash>
kubectl apply -f service.yaml
</code>
----
===== 7. Ingress =====
<code yaml>
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: data-gateway
  namespace: data-gateway
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - gateway.example.com
      secretName: gateway-tls
  rules:
    - host: gateway.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: data-gateway
                port:
                  number: 80
</code>
<code bash>
kubectl apply -f ingress.yaml
</code>
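With the ClusterIP Service and the Ingress in place, any pod in the cluster can still reach the gateway pods on port 5000 without going through TLS at the Ingress. A NetworkPolicy that admits only the ingress controller follows; it is an added example, not part of the original runbook. It assumes the cluster's CNI plugin enforces NetworkPolicy and that the NGINX ingress controller runs in a namespace named ''ingress-nginx''; the file and policy names are hypothetical.

```yaml
# networkpolicy.yaml (added example; file and policy names are hypothetical)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: data-gateway-ingress-only
  namespace: data-gateway
spec:
  # Applies to the pods created by the data-gateway Deployment
  podSelector:
    matchLabels:
      app: data-gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Assumption: the NGINX ingress controller runs in namespace "ingress-nginx".
        # kubernetes.io/metadata.name is set automatically on every namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        # The container port, not the Service port 80
        - protocol: TCP
          port: 5000
```

The policy selects only pods labelled ''app: data-gateway'', so other pods in the namespace are not affected by it.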
----
===== 8. Health Check =====
<code bash>
# Pod status
kubectl get pods -n data-gateway
# Pod logs
kubectl logs -f deployment/data-gateway -n data-gateway
# Port-forward for a local test
kubectl port-forward svc/data-gateway 5000:80 -n data-gateway
# In a new terminal:
curl http://localhost:5000/health
</code>
----
===== 9. Checklist =====
| # | Check | Yes/No |
|---|-----------|---|
| 1 | Namespace created | - |
| 2 | ConfigMap applied | - |
| 3 | Secret created | - |
| 4 | PVC created | - |
| 5 | Deployment applied | - |
| 6 | Service applied | - |
| 7 | Ingress applied | - |
| 8 | Pods running | - |
| 9 | Health check OK | - |
----
===== Kubectl commands =====
| Command | Description |
|--------|--------------|
| ''kubectl get pods'' | List pods |
| ''kubectl logs -f <pod>'' | Live logs |
| ''kubectl describe pod <pod>'' | Pod details |
| ''kubectl exec -it <pod> -- sh'' | Shell in the pod |
| ''kubectl rollout restart deployment/data-gateway'' | Rolling restart |
| ''kubectl scale deployment/data-gateway --replicas=3'' | Scaling |
----
===== Troubleshooting =====
| Problem | Cause | Solution |
|---------|---------|--------|
| ''ImagePullBackOff'' | Image not found | Check registry/tag |
| ''CrashLoopBackOff'' | App does not start | Check ''kubectl logs'' |
| ''Pending'' | No node available | Reduce resources |
| ''0/1 Ready'' | Readiness probe failing | Check the probe configuration |
----
===== HorizontalPodAutoscaler =====
<code yaml>
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: data-gateway
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
</code>
----
===== Related runbooks =====
  * [[.:docker|Docker]] - Base image
  * [[..:monitoring:prometheus|Prometheus]] - Metrics in K8s
  * [[..:sicherheit:tls-einrichten|TLS setup]] - cert-manager
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//
{{tag>operator runbook kubernetes k8s deployment}}