From 17809c992cd01da2407607080500ea4a664eb24e Mon Sep 17 00:00:00 2001 From: Marco Verleun Date: Thu, 19 May 2022 12:15:11 +0200 Subject: [PATCH] GO --- .editorconfig | 28 ++++++ .gitignore | 1 + Dockerfile-1 | 12 +++ Dockerfile-2 | 12 +++ Dockerfile-3 | 15 ++++ README.md | 154 +++++++++++++++++++++++++++++++++ app.py | 16 ++++ build.sh | 7 ++ helm/.helmignore | 24 +++++ helm/Chart.yaml | 25 ++++++ helm/templates/configMap.yaml | 8 ++ helm/templates/deployment.yaml | 69 +++++++++++++++ helm/templates/service.yaml | 15 ++++ helm/values.yaml | 39 +++++++++ rendered-chart.yaml | Bin 0 -> 2304 bytes requirements.txt | 3 + 16 files changed, 428 insertions(+) create mode 100644 .editorconfig create mode 100644 .gitignore create mode 100644 Dockerfile-1 create mode 100644 Dockerfile-2 create mode 100644 Dockerfile-3 create mode 100644 README.md create mode 100644 app.py create mode 100644 build.sh create mode 100644 helm/.helmignore create mode 100644 helm/Chart.yaml create mode 100644 helm/templates/configMap.yaml create mode 100644 helm/templates/deployment.yaml create mode 100644 helm/templates/service.yaml create mode 100644 helm/values.yaml create mode 100644 rendered-chart.yaml create mode 100644 requirements.txt
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..4d8928d
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,28 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false
+
+[*.yaml]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
+
+[*.md]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..61a35b1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+grype.exe
diff --git a/Dockerfile-1 b/Dockerfile-1
new file mode 100644
index 0000000..d20663c
--- /dev/null
+++ b/Dockerfile-1
@@ -0,0 +1,12 @@
+FROM python:3.9.9-bullseye
+
+WORKDIR /usr/src/app
+
+COPY requirements.txt .
+RUN pip install \
+ --no-cache-dir \
+ -r requirements.txt
+
+COPY . .
+CMD ["uvicorn", "app:api", "--host", "0.0.0.0", "--port", "80"]
+
diff --git a/Dockerfile-2 b/Dockerfile-2
new file mode 100644
index 0000000..6afe23e
--- /dev/null
+++ b/Dockerfile-2
@@ -0,0 +1,12 @@
+FROM python:3.9.9-bullseye
+
+WORKDIR /usr/src/app
+
+COPY requirements.txt .
+RUN pip install \
+ --no-cache-dir \
+ -r requirements.txt
+
+COPY . .
+CMD ["uvicorn", "app:api", "--host", "0.0.0.0", "--port", "8000"]
+
diff --git a/Dockerfile-3 b/Dockerfile-3
new file mode 100644
index 0000000..3d71411
--- /dev/null
+++ b/Dockerfile-3
@@ -0,0 +1,15 @@
+FROM python:3.9.9-bullseye
+
+WORKDIR /usr/src/app
+
+COPY requirements.txt .
+RUN pip install \
+ --no-cache-dir \
+ -r requirements.txt
+
+RUN apt-get update && apt-get upgrade -y \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY . .
+CMD ["uvicorn", "app:api", "--host", "0.0.0.0", "--port", "8000"]
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c5ebd30
--- /dev/null
+++ b/README.md
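Review bot: There is no `USER` instruction before `CMD` in Dockerfile-1, so uvicorn runs as root inside the container; Dockerfile-2 and Dockerfile-3 have the same gap and rely on the operator passing `--user 500` at `docker run` time or on a pod `securityContext`. Create an unprivileged account after the `pip install` layer and switch to it, e.g. `RUN useradd --system --uid 10001 app` followed by `USER 10001`. In this file that also means leaving port 80, as Dockerfile-2 does with `--port 8000`, because a non-root process is not allowed to bind a port below 1024 on every runtime.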
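Review bot: `COPY . .` in Dockerfile-2 copies the whole build context into the image, and the patch adds no `.dockerignore`; the same line is in Dockerfile-1 and Dockerfile-3. As written the image would also receive the Helm chart, the README, `rendered-chart.yaml`, the Dockerfiles themselves and anything untracked in the working tree, such as the `grype.exe` that `.gitignore` keeps out of git only. The application is a single module, so `COPY app.py .` is enough; otherwise add a `.dockerignore` listing what the image does not need.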
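Review bot: The `apt-get upgrade -y` layer in Dockerfile-3 patches only the Debian packages available on the day of the build, so the interpreter and everything else shipped by `python:3.9.9-bullseye` stay at the base image's level and two builds on different days produce different images. Prefer moving `FROM` to a current patch release of the base and pinning it by digest, e.g. `FROM python:<current-3.9-patch>-slim-bullseye@sha256:<digest>` (placeholders, not real values), then re-scanning that image. If the upgrade layer stays as a stopgap, say so above it: `# stopgap: OS security updates until the base image tag is bumped`.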
@@ -0,0 +1,154 @@
+# Workshop
+
+Bekijk de Dockerfile. Deze is redelijk eenvoudig. Het neemt een bestaand python image en voegt daar een eenvoudige applicatie aan toe.
+
+Deze applicatie is straks te benaderen op en
+
+## 1 Maak het image en start deze
+
+Hiervoor heb je twee terminals nodig.
+
+In terminal 1 voer je de volgende commando's uit:
+
+```bash
+docker build -t workshop:1.0.0 -f Dockerfile-1 .
+docker run -e HELLO_NAME=Phippy2 --name workshop --rm -p 80:80 workshop:1.0.0
+```
+
+(Phippy2 is de broer van Phippy )
+
+Kijk in een browser of het doet. Kijk ook naar de logging van de pod.
+
+
+## 2 Inspecteer de container
+
+Log in een tweede terminal in in de draaiende container en bekijk verschillende aspecten:
+
+```bash
+docker exec -it workshop:1.0.0 bash
+# inside container
+id
+apt update
+ps -ef
+touch /test
+exit
+```
+
+En wat vind je er van?
+Stop de container in terminal 1.
+
+## 3 Hoe maken we dit veiliger?
+
+Suggesties?
+
+Probeer eens het volgende in terminal 1:
+
+```bash
+diff Dockerfile-1 Dockerfile-2
+
+docker build -t workshop:1.2.0 -f Dockerfile-2 .
+docker run -e HELLO_NAME=Phippy2 --user 500 --name workshop --rm -p 80:8000 workshop:1.2.0
+```
+
+(We schakelen over naar poort 8000 omdat op een *nix systeem poort 80 bijzonder is. Wie weet wat er bijzonder aan is?)
+
+En in terminal 2:
+
+```bash
+docker exec -it workshop:1.0.0 bash
+# inside container
+id
+apt update
+ps -ef
+touch /test
+exit
+```
+
+Stop de container in terminal 1
+
+## 4 Upload image in minikube
+
+Lokale images zijn niet direct beschikbaar in minikube. Iedere keer als we een nieuwe versie maken moeten we deze uploaden.
+
+```bash
+docker image ls
+minikube image load workshop:1.0.0
+minikube image ls
+```
+
+## 5 Deploy de manifest file, gebaseerd op de helm chart in de directory helm
+
+Als je Lens hebt geinstalleerd is dit een mooi moment om deze te starten.
+
+```bash
+minikube kubectl -- get nodes
+minikube kubectl -- create -f rendered-chart.yaml
+```
+
+Controleer of de deployment werkt:
+
+In een terminal start een portforwarding:
+
+```bash
+minikube kubectl port-forward svc/workshop 80:80
+```
+
+Open weer de link
+Hoe veilig is deze eigenlijk?
+
+## 6 Inspecteer de POD
+
+```bash
+minikube kubectl -- get pods
+NAME READY STATUS RESTARTS AGE
+workshop-6c7bc5c754-ngq9n 1/1 Running 0 7m28s
+# Get Pod name and use it below
+minikube kubectl -- exec workshop-6c7bc5c754-ngq9n -it -- bash
+
+# inside container
+id
+apt update
+ps -ef
+touch /test
+exit
+```
+
+We hebben nog steeds dezelfde issue als met Dockerfile-1
+
+Kunnen we iets doen:
+
+- A in de Dockerfile?
+- B in de manifest file?
+- C c'est la via, mon ami.
+
+Wat dachten jullie van:
+
+-
+-
+
+## 7 Wat is er nog meer mis?
+
+In terminal 1:
+
+```bash
+grype workshop:1.2.0
+```
+
+Ai, dat is schrikken...
+
+En nu dan?
+
+```bash
+docker build -t workshop:1.3.0 .
+grype workshop:1.3.0
+
+docker image ls
+```
+
+## 8 Zijn we er nu?
+
+Wat kan nog meer beter?
+
+- Resources?
+- Probes?
+- Replicacount?
diff --git a/app.py b/app.py
new file mode 100644
index 0000000..4126d3e
--- /dev/null
+++ b/app.py
@@ -0,0 +1,16 @@
+from fastapi import FastAPI, Response
+import os
+
+
+name = os.getenv("HELLO_NAME", "unknown")
+
+api = FastAPI()
+
+@api.get("/hello")
+async def hello():
+ return f"Hello {name}!!!"
+
+
+@api.get("/healthz")
+async def healthz():
+ return "OK"
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..0532637
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+CONTEXT="."
+TAG="workshop"
+DOCKERFILE="Dockerfile.local"
+
+
+docker build -f $DOCKERFILE -t $TAG $CONTEXT
diff --git a/helm/.helmignore b/helm/.helmignore
new file mode 100644
index 0000000..898df48
--- /dev/null
+++ b/helm/.helmignore
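Review bot: `Response` is imported from `fastapi` in app.py but never used; the import line can be `from fastapi import FastAPI`. `name` is read from `HELLO_NAME` once at import time, which deserves a one-line comment such as `# read once at start-up; a changed HELLO_NAME needs a restart`, since the chart can feed that variable from a ConfigMap.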
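Review bot: `DOCKERFILE="Dockerfile.local"` in build.sh names a file this patch does not create (it adds Dockerfile-1, Dockerfile-2 and Dockerfile-3), so unless that file exists outside the commit the build fails immediately. Point the default at one of the shipped files and quote the expansions: `DOCKERFILE="${DOCKERFILE:-Dockerfile-3}"` and `docker build -f "$DOCKERFILE" -t "$TAG" "$CONTEXT"`. `TAG="workshop"` carries no version, so the result is always `workshop:latest`; a `set -euo pipefail` line after the shebang would stop the script on the first failed step.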
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..564df47
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: cursus-application-1
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"
+
diff --git a/helm/templates/configMap.yaml b/helm/templates/configMap.yaml
new file mode 100644
index 0000000..0f42834
--- /dev/null
+++ b/helm/templates/configMap.yaml
@@ -0,0 +1,8 @@
+{{ if (default .Values.useConfigMap false) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: env-variabelen
+data:
+ naam: "Topper"
+{{ end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000..69a0ef7
--- /dev/null
+++ b/helm/templates/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ .Values.app.name }}
+ name: {{ .Values.app.name }}
+spec:
+ replicas: {{ .Values.app.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Values.app.name }}
+ revisionHistoryLimit: 1
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.app.name }}
+ spec:
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.app.name }}
+ image: {{ .Values.app.image }}
+ imagePullPolicy: Never
+
+ command: ["uvicorn", "app:api", "--host", "0.0.0.0", "--port", "{{ .Values.app.containerPort }}"]
+
+ ports:
+ - name: {{ .Values.app.portName }}
+ containerPort: {{ .Values.app.containerPort }}
+ protocol: TCP
+
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.app.portName }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.app.portName }}
+
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ # command: ["python", "sleep.py"]
+
+ {{ if (default .Values.useConfigMap false) }}
+ env:
+ - name: HELLO_NAME
+ valueFrom:
+ configMapKeyRef:
+ name: env-variabelen
+ key: naam
+ {{ end }}
+
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 0000000..b454f21
--- /dev/null
+++ b/helm/templates/service.yaml
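Review bot: The arguments of `default` are reversed in `{{ if (default .Values.useConfigMap false) }}` in configMap.yaml: Sprig's order is default value first, given value second, so this passes `.Values.useConfigMap` as the fallback and `false` as the value. It happens to give the intended result because `false` counts as empty, but it reads as the opposite of what it does; `{{- if .Values.useConfigMap }}` says the same thing directly. The identical expression guards the `env:` block in helm/templates/deployment.yaml.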
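Review bot: The container entry in deployment.yaml has no `securityContext` of its own, and the pod-level one is rendered only when `.Values.securityContext` is non-empty, which the shipped values.yaml leaves as `{}`; with images that set no `USER`, the pod would run as root with a writable root filesystem and the default capability set. Add a container-level block after `imagePullPolicy` that does not depend on values, as sketched below. `runAsNonRoot: true` makes the kubelet refuse to start the container until the image sets a numeric `USER` or values supply `runAsUser`, and `readOnlyRootFilesystem` should be checked against what the app writes at run time.

```yaml
          imagePullPolicy: Never
          # hardening that holds regardless of what values.yaml supplies
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: command, ports, probes, resources, env …
```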
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.app.name }}
+ labels:
+ app: {{ .Values.app.name }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.app.containerPort }}
+ protocol: TCP
+ name: {{ .Values.app.portName }}
+ selector:
+ app: {{ .Values.app.name }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..c74fd6e
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,39 @@
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+app:
+ name: workshop
+ replicaCount: 1
+ image: docker.io/library/workshop:latest
+ loglevel: INFO
+ containerPort: 8000
+ portName: http
+
+useConfigMap: false
+
+securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 3000
+ # fsGroup: 2000
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+service:
+ type: ClusterIP
+ port: 80
+ portName: http
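Review bot: `image: docker.io/library/workshop:latest` in values.yaml is a mutable tag, and the deployment template sets `imagePullPolicy: Never`, so which build runs depends on whatever was last loaded into the node under that name; the README loads `workshop:1.0.0`, a different tag. Name the version explicitly, e.g. `image: docker.io/library/workshop:1.3.0`, and keep it in step with the tag passed to `minikube image load`. `securityContext: {}` would also be a safer default with `runAsNonRoot: true` and a `runAsUser` set rather than left as commented-out examples. `service.portName` looks unused, since service.yaml reads `.Values.app.portName`.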
diff --git a/rendered-chart.yaml b/rendered-chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9c48644a7497729295b02b1edb60cafd9bd54bcd GIT binary patch literal 2304 zcmd6p%Wl(95Qb-+r?8SOy|6>wf&`T+6j8(mv2c^9scOfT?FJRZs{`MEP9||;$3b18 zqv-g|{qoPWe}12t&d4T~*sT@zWR=ZqVOPAD+?nNeVGUoomAumMT|=v(RkpT=Ab)Pp z@Ny(Z+$Gd6fnW1g*ecjt+iSRwP*ye%l-oTUBlH*8PvOc>ip+>O669q&M)e(g6;^8E zEASL06xkgT8Fbf@reZ0BudZGVXF>EX-;jeS%Ka^tp0K6NE4#Mo#!nf%HwRwM&~T2l z-`M3wUNPt>o67F7)?iB+G{KJ~bz&ASUBWMrD2T2g650GrOdf^Hwd=A(z9EWeN!`i# z&4QI`o1-*`YVvYC%<(3K6jV{YTH*O$P!XdMqPqBa*JJZIN?w8i)uUa-(S=tR>eONu!8}TQ>O9MXQB;HeP$FF!gZ5)3h+8NS|jeJCh-kMyW z&JW>Rc&o5?!zz*wr@Srx%B=v_Uh_B?8*NAYD@Zex6`LLsq5+<+N$0Ds1s{CAWYSq zDHSck+_sV5w(l9dM?C6J<$Dr2k?}q#8`iQeWC;I