Deploy a minimal nginx app managed via Kustomize, write an ArgoCD Application manifest, and watch the GitOps loop in action — push to git, ArgoCD detects the diff, the cluster syncs.
Install ArgoCD on a local Kubernetes cluster, access the UI, set up the CLI, and understand what each component does — including the gotchas that will cost you an hour if you don’t know about them.
Error: While moving to Kubernetes and migrating Spring Boot apps, we encountered a strange behavior: a few of the webpages served by FreeMarker templates in Spring Boot were adding port :8080 instead of just using the hostname with SSL port :443.
Fix: After some investigation and trying to find a workaround, we found out that the X-Forwarded-* headers need to be forwarded by the nginx ingress controller when it's behind an Azure App Gateway (L7 load balancer).
Ingress configurations in helm values files. The following setup assumes that you have a helm chart which provides the configuration to deploy a service and an ingress for it.
Now, let's look at a few sample helm values file configurations for ingress with ingress-nginx.
Enable CORS:

    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/enable-cors: "true"
        nginx.ingress.kubernetes.io/cors-allow-methods: "DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT"
        nginx.ingress.kubernetes.io/cors-allow-headers: "*"
        nginx.ingress.kubernetes.io/cors-allow-origin: "*"
        nginx.ingress.kubernetes.io/cors-max-age: "100"
        nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
      hosts:
        - host: ravikrs.com
          paths:
            - path: /test/path1
              pathType: Prefix
            - path: /path2
              pathType: Prefix

External Authentication: External Authentication configuration based on doc
Background: When deploying applications to Kubernetes, we should restrict access to resources like databases, queues, caches, etc. From a security perspective, we should not be able to connect to storage/databases from outside the Kubernetes deployment (applications). Only applications deployed to the Kubernetes cluster should be allowed access to databases, queues, etc.
Problem: But for debugging purposes it's essential to be able to connect to such resources. For example, we might need to check some data in the database or verify whether an item is getting stored in the Redis cache, etc.
It is useful to configure hostnames for kubernetes ingresses when testing kubernetes application locally on a developer’s machine.
We may add the LoadBalancer IP address to the /etc/hosts file to be able to open the ingress hostname in browsers.
Minikube: Show the IP of the LoadBalancer:

    minikube ip
    192.168.49.2

Update the localhost /etc/hosts file, for example:

    192.168.178.50 demo.nginx.local
    192.168.178.50 demo1.nginx.local

Rancher Desktop: Assuming ingress-nginx is installed following nginx-ingress-rancher-destop in ingress-nginx namespace.
Kubernetes Introduction: Build a docker image

    Dockerfile  default filename
    FROM        base image to be used for container
    ADD         copies files/directories/remote file urls to container filesystem. Tarball and Remote URL (git, http) handling
    COPY        same as ADD without tar and remote url handling
    CMD

    kubectl --namespace <DEV|STAGING|PROD> get deployments,pods,svc,ingress