Home
Welcome to the home-stack wiki!
Home Project Stack
The stack is deployed using Kubernetes cluster enabled using microk8s. microk8s is installed using snap package manger. Package is provided by Canonical (publisher of Ubuntu).
- Resources: quad-core ARMx64 processor with 8GB RAM
- Kernel: GNU/Linux 5.4.0-1058-raspi aarch64
- OS: Ubuntu 20.04.4
As of now it is deployed on single node cluster.
- Alok Singh
-
home-stack
- Table of contents
-
Deployment of home-stack Kubernetes Stack
- Create Namespaces
- Create ConfigMap
- Create Secrets
- Create Network policy
- MySQL Service - Pod/Deployment/Service
- Home API Service - Pod/Deployment/Service
- Home Auth Service - Pod/Deployment/Service
- Home ETL Service - Pod/Statefulset/Service
- Home GIT Commit CronJob
- Statement Parser Service - Pod/Deployment/Service
- Dashboard Service - Pod/Deployment/Service
- Jaeger Service
- Delete Stack
- Kubernetes Dashboard
- Ingress
- RBAC
- Horizon Autoscaling
- Miscellaneous commands
- Service Mesh - Istio
- Deployment Architecture
kubectl apply -f yaml/namespace.yamlkubectl apply -f yaml/config-map.yamlkubectl apply -f yaml/secrets.yamlkubectl apply -f yaml/networkpolicy.yamlkubectl apply --validate=true --dry-run=client -f yaml/mysql-service.yaml kubectl apply -f yaml/mysql-service.yaml --namespace=home-stackkubectl delete -f yaml/mysql-service.yaml --namespace=home-stackkubectl exec -it pod/mysql-0 --namespace home-stack -- mysql -u root -p home-stackkubectl logs pod/mysql-0 --namespace home-stackmysql -u root -p home-stack --host 127.0.0.1 --port 32306Note:
Follow the link to configure sqldeveloper on Mac to connect to MySQL server remotely
kubectl apply --validate=true --dry-run=client -f yaml/home-api-service.yaml kubectl apply -f yaml/home-api-service.yaml --namespace=home-stackkubectl delete -f yaml/home-api-service.yaml --namespace=home-stackkubectl exec -it pod/home-api-deployment-0 --namespace home-stack -- bashkubectl exec -it pod/home-api-deployment-0 --namespace home-stack -- tail -f /opt/logs/application.logkubectl logs pod/home-api-deployment-0 --namespace home-stackkubectl rollout restart statefulset.apps/home-api-deployment -n home-stackkubectl apply --validate=true --dry-run=client -f yaml/home-auth-service.yaml kubectl apply -f yaml/home-auth-service.yaml --namespace=home-stackkubectl delete -f yaml/home-auth-service.yaml --namespace=home-stackkubectl exec -it pod/home-auth-deployment-0 --namespace home-stack -- bashkubectl exec -it pod/home-auth-deployment-0 --namespace home-stack -- tail -f /opt/logs/application.logkubectl logs pod/home-auth-deployment-0 --namespace home-stackkubectl rollout restart statefulset.apps/home-api-deployment -n home-stackkubectl apply --validate=true --dry-run=client -f yaml/home-etl-service.yaml kubectl apply -f yaml/home-etl-service.yaml --namespace=home-stackkubectl delete -f yaml/home-etl-service.yaml --namespace=home-stackkubectl exec -it pod/home-etl-deployment-0 --namespace home-stack -- bashkubectl exec -it pod/home-etl-deployment-0 --namespace home-stack -- tail -f /opt/logs/application.logkubectl logs pod/home-etl-deployment-0 --namespace home-stackkubectl rollout restart statefulset.apps/home-api-deployment -n home-stackkubectl apply --validate=true --dry-run=client -f yaml/git-commit-cronjob.yaml kubectl apply -f yaml/git-commit-cronjob.yaml --namespace=home-stackkubectl delete -f yaml/git-commit-cronjob.yaml --namespace=home-stackkubectl apply --validate=true --dry-run=client -f yaml/stmt-parser-service.yaml kubectl apply -f yaml/stmt-parser-service.yaml --namespace=home-stackkubectl delete -f yaml/stmt-parser-service.yaml --namespace=home-stackkubectl exec -it pod/stmtparser-deployment-0 --namespace home-stack -- bashkubectl exec -it pod/stmtparser-deployment-0 --namespace home-stack -- tail -f /opt/logs/spring-batch.logkubectl logs pod/stmtparser-deployment-0 --namespace home-stackkubectl rollout restart statefulset.apps/stmtparser-deployment -n home-stackkubectl apply --validate=true --dry-run=client -f yaml/dashboard-service.yaml kubectl apply -f yaml/dashboard-service.yaml --namespace=home-stackkubectl delete -f yaml/dashboard-service.yaml --namespace=home-stackkubectl exec -it deployment.apps/dashboard-deployment --namespace home-stack -- /bin/shkubectl logs deployment.apps/dashboard-deployment --namespace home-stackkubectl apply --validate=true --dry-run=client -f yaml/jaeger-all-in-one-template.yml kubectl apply -f yaml/jaeger-all-in-one-template.yml --namespace=home-stackkubectl delete -f yaml/jaeger-all-in-one-template.yml --namespace=home-stackkubectl delete namespace home-stack
kubectl apply -f yaml/kubernetes-dashboard.yamlkubectl delete -f yaml/kubernetes-dashboard.yamlkubectl get all --namespace kubernetes-dashboardkubectl apply -f yaml/kubernetes-dashboard-rback-cluster-admin-user.yamlkubectl create token k8s-dashboard-cluster-admin-user --duration=999999h -n kubernetes-dashboardNote: use this token for Kubernetes Dashboard login
kubectl apply -f yaml/metrix-server.yamlkubectl delete -f yaml/metrix-server.yamlkubectl get deployment metrics-server -n kube-systemkubectl top nodesThis will deploy a daemonset nginx-ingress-microk8s-controller
microk8s enable ingresskubectl apply -f yaml/ingress.yaml --namespace=home-stackmicrok8s enable rbac
So that remotely cluster opertaion can be performed
kubectl apply -f yaml/home-user-rback-cluster-admin-user.yamlcd ~/cert/k8s
openssl genrsa -out alok.key 2048
openssl req -new -key alok.key -out alok-csr.pem -subj "/CN=alok/O=home-stack/O=ingress"
scp alok-csr.pem alok@jgte:cert/openssl x509 -req -in ~/cert/alok-csr.pem -CA /var/snap/microk8s/current/certs/ca.crt -CAkey /var/snap/microk8s/current/certs/ca.key -CAcreateserial -out ~/cert/alok-crt.pem -days 365
scp alok@jgte:cert/alok-crt.pem ~/cert/k8sscp alok@jgte:/var/snap/microk8s/current/certs/ca.crt ~/cert/k8sNote: add below entry in /etc/hosts
192.168.1.200 jgte kubernetes
kubectl config set-cluster home-cluster --server=https://kubernetes:16443 --certificate-authority=/Users/aloksingh/cert/k8s/ca.crt --embed-certs=truecat ~/.kube/configkubectl config set-credentials alok --client-certificate=/Users/aloksingh/cert/k8s/alok-crt.pem --client-key=/Users/aloksingh/cert/k8s/alok.key --embed-certs=truekubectl config set-context alok-home --cluster=home-cluster --namespace=home-stack --user alokkubectl config use-context alok-homekubectl autoscale deployment dashboard-deployment --min=2 --max=3 -n home-stackkubectl get hpa --namespace home-stackkubectl edit hpa dashboard-deployment --namespace home-stackkubectl scale -n home-stack deployment dashboard-deployment --replicas=1kubectl get all --all-namespaceskubectl logs pod/dashboard-deployment-65cf5b8858-7x8z8 --namespace home-stackkubectl describe pod/dashboard-deployment-65cf5b8858-7x8z8 --namespace=home-stackkubectl get -A podskubectl explain --api-version="batch/v1beta1" cronjobs.specTo be explored - seems microk8s isteo addon not supported for ARMx64 architecture. Where the same is supported for minikube.
| Application | Description | Service Type | Deployment/StatefulSet/CronJob/DaemonSet | URL | Comments |
|---|---|---|---|---|---|
| Home ETL Service | ETL for bank statement and other sources | ClusterIP (Headless) | StatefulSet | /home/etl | NA |
| Home API Service | API for Bank/Expense/Tax/Investment/etc... | ClusterIP | Deployment | /home/api | GraalVM based native Image |
| Home Dashboard | ReactJS App on Nginx | NodePort | Deployment | http://jgte:30080 or https://jgte | - For multinode deployment Interface has to be changed to ClusterIP and put behind Ingress - externalTrafficPolicy: Local to disable SNATing |
| Home GIT Cronjob | Cronjob to update GIT with uploaded statement | None | CronJob | NA | NA |
| Database | MySQL | NodePort | StatefulSet | jdbc:mysql://mysql:3306/home-stack | - NodePort because I want to access SQL from outside of the cluster |
| Kubernetes Dashboard | LoadBalancer (static IP) | Deployment | https://jgte:8443/ | ||
| Kubernetes Matrix | Generating resource utilization matrix | ClusterIP | Deployment | NA | |
| Kubernetes Matrix Scraper | Matrix scrapper from pods | ClusterIP | Deployment | NA | |
| Jaeger Dashboard | NodePort | Deployment | http://jgte:31686/ | ||
| Ingress Controller | Nginx Ingress Controller | NodePort | DaemonSet | Port: 443 | API/ETL/Dashboard are behind Nginx but still we have Dashboard accessible directly (from mobile cant access host name - require local DNS server) |
graph LR
A[Write Code] --> B{Does it work?}
B -- Yes --> C[Great!]
B -- No --> D[Google]
D --> A