Inhaltsverzeichnis

Runbook: Kubernetes

Runbook: Kubernetes

Trajanje: ~30 minuta
Uloga: DevOps, Platform Engineer
Preduvjet: kubectl, Kubernetes-Cluster

Data Gateway deployment u Kubernetes.

Tijek rada

flowchart TD A[Start] --> B[Namespace kreirati] B --> C[ConfigMap/Secret] C --> D[Deployment] D --> E[Service] E --> F[Ingress] F --> G[Health Check] G --> H{OK?} H -->|Da| I[Gotovo] H -->|Ne| J[kubectl logs] style I fill:#e8f5e9 style J fill:#ffebee

1. Namespace kreirati

kubectl create namespace data-gateway
kubectl config set-context --current --namespace=data-gateway

2. ConfigMap za konfiguraciju

# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: gateway-config
  namespace: data-gateway
data:
  appsettings.json: |
    {
      "Gateway": {
        "Databases": {
          "demo": {
            "Provider": "sqlite",
            "ConnectionString": "Data Source=/app/data/demo.db"
          }
        }
      },
      "Logging": {
        "LogLevel": {
          "Default": "Information"
        }
      }
    }

kubectl apply -f configmap.yaml

3. Secret za Credentials

# Secret kreirati
kubectl create secret generic gateway-secrets \
    --from-literal=DB_PASSWORD='secret123' \
    -n data-gateway

Ili deklarativno:

# secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gateway-secrets
  namespace: data-gateway
type: Opaque
stringData:
  DB_PASSWORD: "secret123"

4. Deployment

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: data-gateway
  namespace: data-gateway
  labels:
    app: data-gateway
spec:
  replicas: 2
  selector:
    matchLabels:
      app: data-gateway
  template:
    metadata:
      labels:
        app: data-gateway
    spec:
      containers:
        - name: gateway
          image: registry.example.com/data-gateway:v3.0
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: "Production"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gateway-secrets
                  key: DB_PASSWORD
          volumeMounts:
            - name: config
              mountPath: /app/appsettings.json
              subPath: appsettings.json
            - name: data
              mountPath: /app/data
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 10
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /health
              port: 5000
            initialDelaySeconds: 5
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: gateway-config
        - name: data
          persistentVolumeClaim:
            claimName: gateway-data

kubectl apply -f deployment.yaml

5. PersistentVolumeClaim

# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gateway-data
  namespace: data-gateway
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: standard  # Prilagoditi clusteru

6. Service

# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  selector:
    app: data-gateway
  ports:
    - port: 80
      targetPort: 5000
      protocol: TCP
  type: ClusterIP

kubectl apply -f service.yaml

7. Ingress

# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: data-gateway
  namespace: data-gateway
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - gateway.example.com
      secretName: gateway-tls
  rules:
    - host: gateway.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: data-gateway
                port:
                  number: 80

kubectl apply -f ingress.yaml

8. Health Check

# Pod status
kubectl get pods -n data-gateway
 
# Pod logovi
kubectl logs -f deployment/data-gateway -n data-gateway
 
# Port-Forward za lokalni test
kubectl port-forward svc/data-gateway 5000:80 -n data-gateway
 
# U novom terminalu:
curl http://localhost:5000/health

9. Kontrolna lista

#	Provjera	Da/Ne
—	———–	—
1	Namespace kreiran	-
2	ConfigMap apliciran	-
3	Secret kreiran	-
4	PVC kreiran	-
5	Deployment apliciran	-
6	Service apliciran	-
7	Ingress apliciran	-
8	Pods Running	-
9	Health Check OK	-

Kubectl naredbe

Naredba	Opis
——–	————–
`kubectl get pods`	Prikaz podova
`kubectl logs -f <pod>`	Live logovi
`kubectl describe pod <pod>`	Pod detalji
`kubectl exec -it <pod> – sh`	Shell u podu
`kubectl rollout restart deployment/data-gateway`	Rolling Restart
`kubectl scale deployment/data-gateway –replicas=3`	Skaliranje

Rjesavanje problema

Problem	Uzrok	Rjesenje
———	———	——–
`ImagePullBackOff`	Image nije pronaden	Registry/Tag provjeriti
`CrashLoopBackOff`	App se ne pokrece	`kubectl logs` provjeriti
`Pending`	Nema dostupnog nodea	Resources smanjiti
`0/1 Ready`	Readiness-Probe neuspjesna	Probe-Config provjeriti

HorizontalPodAutoscaler

# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: data-gateway
  namespace: data-gateway
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: data-gateway
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70

Povezani runbookovi

Docker - Bazni image
Prometheus - Metrics u K8s
TLS postavljanje - Cert-Manager

« <- Docker | -> Operator pregled »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional

operator, runbook, kubernetes, k8s, deployment