Lee Bowie, IBM Technology Evangelist, main presenter
Fraser Anderson, IBM Global Elite, documentation
The associated presentation is available as Google Slides.
The following applications must be installed:
After installing the prerequisites, extract the workshop files to a folder on your computer.
-
Open a Command Prompt and navigate to the folder containing the extracted files.
-
Start Minikube with the command
minikube start
-
Enable the Ingress addon with the command
minikube addons enable ingress
-
Set your Docker environment to point to the Minikube Docker. Enter the command
minikube docker-env
-
After the command has run, instructions are given to point your minikube's docker daemon, for example
eval $(minikube -p minikube docer-env)
Copy these instructions, paste them into your command line and hit enter.
-
The next step is to define a namespace. The namescapce contains the API pod, the Database pod and the App pod. Enter the command
kubectl apply -f itest-namespace.yaml
A message appears stating that the itest-namespace is created
-
Now, grab an image for our deployment. Let's grab Apache Web Server. Run the command
docker pull httpd:2.4.46
-
Tag the deployment with the command
docker tag httpd:2.4.46 itest-image:v1
-
Create the deployment, enter
kubectl apply -f itest-deployment.yaml
A message appears stating that the deployment has been created. To understand what is being created open the file itest-deployment in your favourite text editor. The deployment is created in the namespace created in Step 6 called itest-namespace. The deployment contains two replicas of the pod to be created. The application is given the name itest-app and includes the itest-container with the image created in Step 7 and Step 8 named itest-image:v1.
-
Create a service to expose the deployment, enter
kubectl apply -f itest-service.yaml
A message appears stating that the service has been created. Open the file itest-service.yaml in your favourite text editor to see the port assignments. In this case the external port is 30005 and the internal port is the standard port 80.
-
Run the command
kubectl get all --namespace itest-namepace
to see the pods deployed. Note that there are two pods running as requested in Step 9.
-
Now it's time to secure our environment. Run the command
openssl req -newkey rsa:2048 -x509 -sha256 -days 3650 -nodes -out tls.crt -keyout tls.key
Then type it out the tls files on the command line with no carridge feeds and paste those into your secret yaml file
more tls.crt | base64 -w0 more tls.key | base64 -w0
-
When prompted, enter the Country Name, State or Province Name, City, Organization Name, Organizational Unit Name, Common Name and Email address. Two files are created, tls.crt and tls.key.
-
In your text editor, open three files - tls.crt, tls.key and itest-secret.yaml. Copy and paste the hash contents of the tls.crt file to the appropriate location in the itest-secret.yaml file. Repeat for the hash contents of the tls.key file. Save the itest-secret.yaml file.
-
Run the command
kubectl apply -f itest-secret.yaml
A message appears stating that itest-secret-tls is created.
-
Run the command
kubectl apply -f itest-ingress.yaml
A message appears stating that itest-ingress is created. Open the file itest-ingress.yaml to understand the Ingress deployment. The host name is itest.net for the outside world. Because we're using a secure connection the secret name, itest-secret-tls, is included. The secret includes the required certificate. The file goes on to direct all traffic to the the itest-service on port 30005.
-
Run the command
kubectl get ingress --namespace itest-namespace
-
Record the IP address for Ingress, for example 192.168.99.141.
-
Open the hosts file for your computer. For our example, add the following line
192.168.99.141 itest.net
All requests for itest.net are now directed to 192.168.99.141. For instructions on editing a hosts file on Microsoft Windows, click here.
-
Save the hosts file.
-
Run the command
ping itest.net
to ensure that traffic is now going to 192.168.99.141.
-
Open a web browser. Enter itest.net in your web browser's address bar. You receive warnings that the connection is not certificate. This is due to the fact that the certificate is self-signed. You can safely ignore these messages.
You see a message - It works!