====== Runbook: Kubernetes ======
**Duration:** ~30 minutes \\
**Role:** DevOps, Platform Engineer \\
**Prerequisites:** kubectl, Kubernetes cluster

Deploying the Data Gateway on Kubernetes.
----
===== Workflow =====
<code>
flowchart TD
    A[Start] --> B[Create Namespace]
    B --> C[ConfigMap/Secret]
    C --> D[Deployment]
    D --> E[Service]
    E --> F[Ingress]
    F --> G[Health Check]
    G --> H{OK?}
    H -->|Yes| I[Done]
    H -->|No| J[kubectl logs]
    style I fill:#e8f5e9
    style J fill:#ffebee
</code>
----
===== 1. Create Namespace =====
<code bash>
kubectl create namespace data-gateway
kubectl config set-context --current --namespace=data-gateway
</code>
----
===== 2. ConfigMap for Configuration =====
<code yaml>
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: gateway-config
  namespace: data-gateway
data:
  appsettings.json: |
    {
      "Gateway": {
        "Databases": {
          "demo": {
            "Provider": "sqlite",
            "ConnectionString": "Data Source=/app/data/demo.db"
          }
        }
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information"
        }
      }
    }
</code>
<code bash>
kubectl apply -f configmap.yaml
</code>
----
===== 3. Secret for Credentials =====
<code bash>
# Create the Secret ('secret123' is a sample value; replace it)
kubectl create secret generic gateway-secrets \
  --from-literal=DB_PASSWORD='secret123' \
  -n data-gateway
</code>
Or declaratively:
<code yaml>
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gateway-secrets
  namespace: data-gateway
type: Opaque
stringData:
  DB_PASSWORD: "secret123"  # sample value; replace before applying
</code>
----
===== 4. Deployment =====
<code yaml>
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: data-gateway
  namespace: data-gateway
  labels:
    app: data-gateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: data-gateway
  template:
    metadata:
      labels:
        app: data-gateway
    spec:
      containers:
        - name: gateway
          image: registry.example.com/data-gateway:v3.0
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gateway-secrets
                  key: DB_PASSWORD
          volumeMounts:
            - name: config
              mountPath: /app/appsettings.json
              subPath: appsettings.json
            - name: data
              mountPath: /app/data
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: gateway-config
        - name: data
          persistentVolumeClaim:
            claimName: gateway-data
</code>
<code bash>
kubectl apply -f deployment.yaml
</code>
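
The Deployment above sets no ''securityContext'', so the container runs with the image's default user and a writable root filesystem. The following strategic merge patch is an added example, not part of the original runbook or the product's own manifests. The file name ''deployment-hardening.yaml'', the UID/GID 10001, the ''tmp'' volume, and the claim that the gateway writes only to ''/app/data'' and ''/tmp'' and never calls the Kubernetes API are assumptions to verify against the real image.

```yaml
# deployment-hardening.yaml (added example; hypothetical file name)
# Apply on top of deployment.yaml with:
#   kubectl patch deployment data-gateway -n data-gateway \
#     --patch-file deployment-hardening.yaml
spec:
  template:
    spec:
      # Assumption: the gateway does not talk to the Kubernetes API,
      # so no service account token needs to be mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true          # kubelet refuses to start the container as UID 0
        runAsUser: 10001            # assumption: any non-root UID the image tolerates
        runAsGroup: 10001
        fsGroup: 10001              # makes the PVC at /app/data writable for that group
        seccompProfile:
          type: RuntimeDefault      # container runtime's default syscall filter
      containers:
        - name: gateway             # merged by name with the existing container
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true   # only mounted volumes stay writable
            capabilities:
              drop: ["ALL"]         # port 5000 is unprivileged, no capability needed
          volumeMounts:
            - name: tmp             # assumption: the runtime needs a writable /tmp
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
```

If the pods go to ''CrashLoopBackOff'' after the patch, ''kubectl logs'' usually shows which path the application tried to write to; mount an ''emptyDir'' there rather than turning ''readOnlyRootFilesystem'' off.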
----
===== 5. PersistentVolumeClaim =====
<code yaml>
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gateway-data
  namespace: data-gateway
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: standard  # Adjust to the cluster
</code>
----
===== 6. Service =====
<code yaml>
# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  selector:
    app: data-gateway
  ports:
    - port: 80
      targetPort: 5000
      protocol: TCP
  type: ClusterIP
</code>
<code bash>
kubectl apply -f service.yaml
</code>
----
===== 7. Ingress =====
<code yaml>
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: data-gateway
  namespace: data-gateway
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - gateway.example.com
      secretName: gateway-tls
  rules:
    - host: gateway.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: data-gateway
                port:
                  number: 80
</code>
<code bash>
kubectl apply -f ingress.yaml
</code>
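
The Service is ''ClusterIP'' and TLS terminates at the Ingress, so by default every pod in the cluster can still reach the gateway pods on port 5000 in plain HTTP. The NetworkPolicy below is an added example, not part of the original runbook. It assumes the ingress-nginx controller runs in a namespace named ''ingress-nginx'' and that the cluster's CNI plugin enforces NetworkPolicy; the policy name is hypothetical.

```yaml
# networkpolicy.yaml (added example; hypothetical file and policy name)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: data-gateway-ingress-only
  namespace: data-gateway
spec:
  # Selects the pods created by the Deployment (label app: data-gateway).
  podSelector:
    matchLabels:
      app: data-gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Assumption: the ingress controller lives in namespace "ingress-nginx".
        # kubernetes.io/metadata.name is set automatically on every namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 5000   # containerPort of the gateway, not the Service port 80
```

Traffic from the pod's own node is always allowed, so the kubelet probes on ''/health'' keep working; anything else that must reach the pods, such as a metrics scraper, needs its own ''from'' entry.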
----
===== 8. Health Check =====
<code bash>
# Pod status
kubectl get pods -n data-gateway
# Pod logs
kubectl logs -f deployment/data-gateway -n data-gateway
# Port-forward for a local test
kubectl port-forward svc/data-gateway 5000:80 -n data-gateway
# In a new terminal:
curl http://localhost:5000/health
</code>
----
===== 9. Checklist =====
| # | Checkpoint | ✓ |
|---|-----------|---|
| 1 | Namespace created | ☐ |
| 2 | ConfigMap applied | ☐ |
| 3 | Secret created | ☐ |
| 4 | PVC created | ☐ |
| 5 | Deployment applied | ☐ |
| 6 | Service applied | ☐ |
| 7 | Ingress applied | ☐ |
| 8 | Pods Running | ☐ |
| 9 | Health check OK | ☐ |
----
===== Kubectl Commands =====
| Command | Description |
|--------|--------------|
| ''kubectl get pods'' | List Pods |
| ''kubectl logs -f <pod>'' | Live logs |
| ''kubectl describe pod <pod>'' | Pod details |
| ''kubectl exec -it <pod> -- sh'' | Shell in the Pod |
| ''kubectl rollout restart deployment/data-gateway'' | Rolling restart |
| ''kubectl scale deployment/data-gateway --replicas=3'' | Scale |
----
===== Troubleshooting =====
| Problem | Cause | Solution |
|---------|---------|--------|
| ''ImagePullBackOff'' | Image not found | Check registry/tag |
| ''CrashLoopBackOff'' | App does not start | Check ''kubectl logs'' |
| ''Pending'' | No node available | Reduce resources |
| ''0/1 Ready'' | Readiness probe failed | Check the probe configuration |
----
===== HorizontalPodAutoscaler =====
<code yaml>
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: data-gateway
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
</code>
----
===== Related Runbooks =====
  * [[.:docker|Docker]] - Base image
  * [[..:monitoring:prometheus|Prometheus]] - Metrics in K8s
  * [[..:sicherheit:tls-einrichten|Configure TLS]] - Cert-Manager
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//
{{tag>operator runbook kubernetes k8s deployment}}