Inhaltsverzeichnis

Runbook: Kubernetes

Runbook: Kubernetes

Duration: ~30 minutes
Role: DevOps, Platform Engineer
Prerequisite: kubectl, Kubernetes cluster

Deploy Data Gateway in Kubernetes.

Workflow

flowchart TD A[Start] --> B[Create namespace] B --> C[ConfigMap/Secret] C --> D[Deployment] D --> E[Service] E --> F[Ingress] F --> G[Health Check] G --> H{OK?} H -->|Yes| I[Done] H -->|No| J[kubectl logs] style I fill:#e8f5e9 style J fill:#ffebee

1. Create Namespace

kubectl create namespace data-gateway
kubectl config set-context --current --namespace=data-gateway

2. ConfigMap for Configuration

# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: gateway-config
  namespace: data-gateway
data:
  appsettings.json: |
    {
      "Gateway": {
        "Databases": {
          "demo": {
            "Provider": "sqlite",
            "ConnectionString": "Data Source=/app/data/demo.db"
          }
        }
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information"
        }
      }
    }

kubectl apply -f configmap.yaml

3. Secret for Credentials

# Create secret
kubectl create secret generic gateway-secrets \
    --from-literal=DB_PASSWORD='secret123' \
    -n data-gateway

Or declaratively:

# secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gateway-secrets
  namespace: data-gateway
type: Opaque
stringData:
  DB_PASSWORD: "secret123"

4. Deployment

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: data-gateway
  namespace: data-gateway
  labels:
    app: data-gateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: data-gateway
  template:
    metadata:
      labels:
        app: data-gateway
    spec:
      containers:
        - name: gateway
          image: registry.example.com/data-gateway:v3.0
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gateway-secrets
                  key: DB_PASSWORD
          volumeMounts:
            - name: config
              mountPath: /app/appsettings.json
              subPath: appsettings.json
            - name: data
              mountPath: /app/data
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: gateway-config
        - name: data
          persistentVolumeClaim:
            claimName: gateway-data

kubectl apply -f deployment.yaml

5. PersistentVolumeClaim

# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gateway-data
  namespace: data-gateway
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: standard  # Adjust to cluster

6. Service

# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  selector:
    app: data-gateway
  ports:
    - port: 80
      targetPort: 5000
      protocol: TCP
  type: ClusterIP

kubectl apply -f service.yaml

7. Ingress

# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: data-gateway
  namespace: data-gateway
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - gateway.example.com
      secretName: gateway-tls
  rules:
    - host: gateway.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: data-gateway
                port:
                  number: 80

kubectl apply -f ingress.yaml

8. Health Check

# Pod status
kubectl get pods -n data-gateway
 
# Pod logs
kubectl logs -f deployment/data-gateway -n data-gateway
 
# Port forward for local test
kubectl port-forward svc/data-gateway 5000:80 -n data-gateway
 
# In new terminal:
curl http://localhost:5000/health

9. Checklist

#	Check	Done
—	——-	——
1	Namespace created	[ ]
2	ConfigMap applied	[ ]
3	Secret created	[ ]
4	PVC created	[ ]
5	Deployment applied	[ ]
6	Service applied	[ ]
7	Ingress applied	[ ]
8	Pods Running	[ ]
9	Health Check OK	[ ]

Kubectl Commands

Command	Description
———	————-
`kubectl get pods`	Show pods
`kubectl logs -f <pod>`	Live logs
`kubectl describe pod <pod>`	Pod details
`kubectl exec -it <pod> – sh`	Shell in pod
`kubectl rollout restart deployment/data-gateway`	Rolling restart
`kubectl scale deployment/data-gateway –replicas=3`	Scale

Troubleshooting

Problem	Cause	Solution
———	——-	———-
`ImagePullBackOff`	Image not found	Check registry/tag
`CrashLoopBackOff`	App won't start	Check `kubectl logs`
`Pending`	No node available	Reduce resources
`0/1 Ready`	Readiness probe failed	Check probe config

HorizontalPodAutoscaler

# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: data-gateway
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70

Related Runbooks

Docker - Base image
Prometheus - Metrics in K8s
Set Up TLS - Cert-Manager

« <- Docker | -> Operator Overview »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional

operator, runbook, kubernetes, k8s, deployment