====== Runbook: Kubernetes ======
**Trajanje:** ~30 minut \\
**Vloga:** DevOps, Platform Engineer \\
**Predpogoj:** kubectl, Kubernetes gruča
Namestitev Data Gateway v Kubernetes.
----
===== Potek dela =====
flowchart TD
A[Začetek] --> B[Ustvari Namespace]
B --> C[ConfigMap/Secret]
C --> D[Deployment]
D --> E[Service]
E --> F[Ingress]
F --> G[Health Check]
G --> H{V redu?}
H -->|Da| I[Končano]
H -->|Ne| J[kubectl logs]
style I fill:#e8f5e9
style J fill:#ffebee
----
===== 1. Ustvarjanje Namespace =====
kubectl create namespace data-gateway
kubectl config set-context --current --namespace=data-gateway
----
===== 2. ConfigMap za konfiguracijo =====
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: gateway-config
namespace: data-gateway
data:
appsettings.json: |
{
"Gateway": {
"Databases": {
"demo": {
"Provider": "sqlite",
"ConnectionString": "Data Source=/app/data/demo.db"
}
}
},
"Logging": {
"LogLevel": {
"Default": "Information"
}
}
}
kubectl apply -f configmap.yaml
----
===== 3. Secret za poverilnice =====
# Ustvari Secret
kubectl create secret generic gateway-secrets \
--from-literal=DB_PASSWORD='secret123' \
-n data-gateway
Ali deklarativno:
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: gateway-secrets
namespace: data-gateway
type: Opaque
stringData:
DB_PASSWORD: "secret123"
----
===== 4. Deployment =====
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: data-gateway
namespace: data-gateway
labels:
app: data-gateway
spec:
replicas: 2
selector:
matchLabels:
app: data-gateway
template:
metadata:
labels:
app: data-gateway
spec:
containers:
- name: gateway
image: registry.example.com/data-gateway:v3.0
ports:
- containerPort: 5000
name: http
env:
- name: ASPNETCORE_ENVIRONMENT
value: "Production"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: gateway-secrets
key: DB_PASSWORD
volumeMounts:
- name: config
mountPath: /app/appsettings.json
subPath: appsettings.json
- name: data
mountPath: /app/data
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 5000
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 5000
initialDelaySeconds: 5
periodSeconds: 10
volumes:
- name: config
configMap:
name: gateway-config
- name: data
persistentVolumeClaim:
claimName: gateway-data
kubectl apply -f deployment.yaml
----
===== 5. PersistentVolumeClaim =====
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gateway-data
namespace: data-gateway
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard # Prilagodi gruči
----
===== 6. Service =====
# service.yaml
apiVersion: v1
kind: Service
metadata:
name: data-gateway
namespace: data-gateway
spec:
selector:
app: data-gateway
ports:
- port: 80
targetPort: 5000
protocol: TCP
type: ClusterIP
kubectl apply -f service.yaml
----
===== 7. Ingress =====
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: data-gateway
namespace: data-gateway
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
tls:
- hosts:
- gateway.example.com
secretName: gateway-tls
rules:
- host: gateway.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: data-gateway
port:
number: 80
kubectl apply -f ingress.yaml
----
===== 8. Health Check =====
# Status podov
kubectl get pods -n data-gateway
# Dnevniki podov
kubectl logs -f deployment/data-gateway -n data-gateway
# Port-Forward za lokalni test
kubectl port-forward svc/data-gateway 5000:80 -n data-gateway
# V novem terminalu:
curl http://localhost:5000/health
----
===== 9. Kontrolni seznam =====
| # | Točka preverjanja | V |
|---|-----------|---|
| 1 | Namespace ustvarjen | |
| 2 | ConfigMap uveljavljen | |
| 3 | Secret ustvarjen | |
| 4 | PVC ustvarjen | |
| 5 | Deployment uveljavljen | |
| 6 | Service uveljavljen | |
| 7 | Ingress uveljavljen | |
| 8 | Podi Running | |
| 9 | Health Check v redu | |
----
===== Kubectl ukazi =====
| Ukaz | Opis |
|--------|--------------|
| ''kubectl get pods'' | Prikaži pode |
| ''kubectl logs -f '' | Live dnevniki |
| ''kubectl describe pod '' | Podrobnosti poda |
| ''kubectl exec -it -- sh'' | Lupina v podu |
| ''kubectl rollout restart deployment/data-gateway'' | Rolling Restart |
| ''kubectl scale deployment/data-gateway --replicas=3'' | Skaliranje |
----
===== Odpravljanje težav =====
| Težava | Vzrok | Rešitev |
|---------|---------|--------|
| ''ImagePullBackOff'' | Slika ni najdena | Preveri register/tag |
| ''CrashLoopBackOff'' | Aplikacija se ne zažene | Preveri ''kubectl logs'' |
| ''Pending'' | Ni razpoložljivega vozlišča | Zmanjšaj Resources |
| ''0/1 Ready'' | Readiness-Probe neuspešna | Preveri konfiguracijo preverbe |
----
===== HorizontalPodAutoscaler =====
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: data-gateway
namespace: data-gateway
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: data-gateway
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
----
===== Povezani Runbooks =====
* [[.:docker|Docker]] - Osnovna slika
* [[..:monitoring:prometheus|Prometheus]] - Metrike v K8s
* [[..:sicherheit:tls-einrichten|Nastavitev TLS]] - Cert-Manager
----
<< [[.:docker|<- Docker]] | [[..:start|-> Pregled operaterja]] >>
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//
{{tag>operator runbook kubernetes k8s deployment}}