Forem: Balaji SR

DevOps tool-chain setup on Kubernetes cluster. Part - 3/3

Balaji SR — Mon, 02 Jul 2018 21:38:34 +0000

Introduction

This is the 3rd and final part in continuation with my previous articles on DevOps tool-chain setup on Kubernetes cluster. In this article, I have explained how to setup Nexus on the Kubernetes cluster.

Nexus setup on Kubernetes cluster

Nexus is an artifact repository which plays an important role in the software development lifecycle especially in the age of Docker containers. I have created the below list of Kubernetes components to host Nexus artifact repository on the cluster.

Storage class for Nexus

I have created the Storage Class for Nexus.

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: nexus-storage-data
  labels:
    app: nexus-storage-data
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  zone: eu-west-2a
allowVolumeExpansion: true

Persistence Volume for Nexus

I have created Persistence Volume for Nexus with Storage space of 2GB on the Kubernetes Cluster.

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nexus-storage
  labels:
    app: nexus-storage
  annotations:
    volume.beta.kubernetes.io/storage-class: "nexus-storage-data"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi

Deployment for Nexus

I have created a deployment script which pulls the Nexus image if not persent in the Kubernetes cluster and configured on port 8081. I have configured user group for Nexus user.

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nexus
spec:
  replicas: 1
  template:
    metadata:
      name: nexus
      labels: 
        app: nexus
    spec:
      securityContext:
        fsGroup: 2000
      containers:
        - name: nexus
          image: sonatype/nexus3:3.8.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8081
              name: nexusport
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
      volumes:
        - name: nexus-data
          persistentVolumeClaim:
            claimName: nexus-storage

Service for Nexus

I have created service for Nexus on port 8081

kind: Service
apiVersion: v1
metadata:
  name: nexus
  labels:
    app: nexus-svc
spec:
  type: NodePort
  ports:
    - port: 8081
      targetPort: 8081
      name: nexusport
  selector:
    app: nexus
  type: LoadBalancer

By now I have created storage class, persistent volume, deployment, and service for Nexus and it is up & running.

$kubectl get deployment
$kubectl get pod
$kubectl get svc

By now all Kubernetes components are created for the CI/CD pipeline and it can be verified either by executing a command or by using the Kubernetes dashboard. In the below section, I am going to use the Kubernetes dashboard to verify the components that I have created.

Kubernetes cluster components

Kubernetes dashboard with details of components that are created as a part of this cluster setup are available below.

Persistent Volumes

Below is the screenshot that contains list of Persistent Volumes

Storage Classes – Below is the list of Storage Classes

Deployments – Below is the list of Deployments

Services – Below is the list of services

Conclusion

By now, I have covered the entire CI/CD toolset - Jenkins, sonarqube with PostgreSQL and nexus set up with the single replica on the kubernetes cluster. This can be used to establish a DevOps pipeline on the kubernetes cluster.

DevOps tool-chain setup on Kubernetes cluster. Part - 2/3

Balaji SR — Wed, 27 Jun 2018 05:57:20 +0000

Introduction

This is in continuation of my previous article - DevOps tool-chain setup on Kubernetes cluster. Part - 1/3. In this article, I have covered on how to setup the SonarQube and PostgreSQL on the Kubernetes cluster.

SonarQube setup on Kubernetes cluster

SonarQube is a web-based open source platform used to measure and analyse the source code quality. Code quality analysis makes your code more reliable and readable. It can analyse and manage code of more than 20 programming languages.

SonarQube needs a database and it supports databases like MySQL, PostgreSQL, MSSQL, etc. In this article I have used PostgreSQL as the database for SonarQube. I have followed a sequence of creating PostgreSQL DB kubernetes components followed by SonarQube Kubernetes components.

Let me configure PostgreSQL and SonarQube on the Kubernetes cluster by using the below scripts.

PostgreSQL setup on Kubernetes cluster

In this section, I have setup PostSQL on Kubernetes cluster by using the below scripts.

Storage class for PostgreSQL

I have created the Storage Class for PostgreSQL Database.

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: sonar-storage
  labels: 
    app: sonar-storage
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  zone: eu-west-2a
allowVolumeExpansion: true

Persistent Volume for PostgreSQL

I have created Persistent Volume and allocated 4GB as the storage space for PostgreSQL.

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: sonar-postgres-data
  labels: 
    app: Sonar-Postgres-Data
  annotations:
    volume.beta.kubernetes.io/storage-class: "sonar-storage"
spec:
  accessModes: 
    - ReadWriteOnce
  resources:
    requests: 
      storage: 4Gi

Deployment for PostgreSQL

I have created a deployment script which pulls the PostgreSQL image, if the image is not persent in the Kubernetes cluster. I have configured PostgreSQL with the port 5432. Its data are persisted on the persistent volume which is created in the previous step. This deployment is created with single Replica. PostgreSQL Database credentials (user name & password) are mentioned in clear text. In production environment it is not advisable to have password in clear text.

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: postgresql-sonar
spec:
  replicas: 1
  template:
    metadata: 
      name: postgresql-sonar
      labels:
        app: postgresql-sonar
    spec:
      containers:
        - name: postgreqsl-sonar
          image: postgres:9.6
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5432
              name: postgresql-port
          env:
            - name: POSTGRES_USER
              value: sonar
            - name: POSTGRES_PASSWORD
              value: password
            - name: PGDATA
              value: /var/lib/postgresql/data/pgdata
          volumeMounts:
            - name: db-data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: db-data
          persistentVolumeClaim:
            claimName: sonar-postgres-data

Service for PostgreSQL

I have created service for PostgreSQL on port 5432.

kind: Service
apiVersion: v1
metadata:
  name: postgresql-db
  labels:
    name: postgresql-db
spec:
  type: NodePort
  ports:
  - port: 5432
    targetPort: 5432
    protocol: TCP
    name: postgresql-db-port
  selector:
    app: postgresql-sonar

SonarQube Configuration

I have created all the required Kubernetes components for the SonarQube Database in the previous sections. Now, I am going to create Kubernetes components for SonarQube which will use all the Database components.

Deployment for SonarQube

I have created a deployment script which pulls the SonarQube image, if not persent in the Kubernetes cluster and configured on port 9000. I have configured SonarQube to connect with the PostgreSQL DB which is exposed on port 5432 by providing the user credentials.

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: sonar
spec:
  replicas: 1
  template:
    metadata:
      name: sonar
      labels: 
        app: sonar
    spec: 
      containers:
      - name: sonar
        image: sonarqube:6.7
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9000
          name: sonarport
        env: 
          - name: SONARQUBE_JDBC_USERNAME
            value: sonar
          - name: SONARQUBE_JDBC_PASSWORD
            value: password
          - name: SONARQUBE_JDBC_URL
            value: jdbc:postgresql://postgresql-db:5432/sonar

Service for SonarQube

I have created a service for SoanrQube on its default port 9000.

kind: Service
apiVersion: v1
metadata:
  name: sonar
  labels:
    app: sonar
spec:
  type: NodePort
  ports:
    - port: 9200
      targetPort: 9000
      name: sonarport
  selector:
    app: sonar
  type: LoadBalancer

By now I have created storage class, persistent volume, deployment, and service for SonarQube and PostgreSQL DB and it is up & running.

$kubectl get deployment
$kubectl get pod
$kubectl get svc

Conclusion

By now I have covered how to setup SonarQube and PostgreSQL with single Replicaset on a Kubernetes cluster. I will discuss the Nexus setup in the final article.

Note:
yaml files are space sensitive and the scripts that are available in this article might have tab spaces instead of whitespace. These scripts will fail, if you copy and paste without changing the tab to whitespace.

Blockchain - Hyperledger fabric - a high level overview

Balaji SR — Sun, 24 Jun 2018 12:04:43 +0000

Introduction:

In the recent times, Blockchain has become the talk of the town. In this article, I have tried to cover a very high-level overview of Blockchain/Distributed Ledger and how it can help us. I have also given an overview of Hyperledger fabric Blockchain components.

What is Blockchain?

There is no single definition for Blockchain. According to me, Blockchain is an immutable distributed ledger that records the transactions in a decentralized environment. It’s an ordered list of all the transactions since inception. There are different type of Blockchain like public(permissionless) & permission. In this article, I have discussed the permission Blockchain – Hyperledger Fabric.

What is distributed ledger?

It is a set of records that are shared, replicated and synchronized among the participants in a network. It records all the transactions like the exchange of data or assets among the participants in the network.

Problem statement:

There are different participants in a business and every participants keep their own ledger copy. Transactions are bilateral and each participant has to interact with each other and thus by creating a complex network. Transactions are governed by a central body which needs multiple approvals. This is a time & money consuming task.

Trust:

Establishing trust in a network is very difficult and it’s a time consuming with the subject of reputation. The reputed and governing body takes time to create trust.

Transparency:

As each participant in the network has its own ledger which is not shared and so there is no transparency in the network.

Accountability:

Regulators like bank, clearinghouse, stock exchange, legal services are required as a middleman to ensure the accountability of the transaction.

How does Blockchain help?

The Blockchain is a tamper-proof immutable distributed ledger which records all the transactions in a network. The ledger is maintained by all participants and it is distributed in a peer-to-peer network. Instead of trusting on the 3rd party or central governances, Blockchain uses consensus protocol to commit a transaction into the ledger. The integrity of the transactions are achieved by cryptographic hashes and digital signatures.

How does Blockchain works?

In a distributed peer-to-peer network, transactions are stored in blocks which are linked together to form a chain and this is called as Blockchain. Each block contains a hash of the current block, timestamp of recent valid transaction and hash for the previous block. Previous block hash is used to link the block and prevents from altering the block or inserting between blocks.

Hyperledger – Linux foundation project

Hyperledger is an open source hosted by Linux foundation and openly governed by collaborative effort to advance the cross-industry blockchain technologies for business. Hyperledger Fabric is a blockchain framework implementation and it is one of the Hyperledger projects.

Some key feature of Fabric:

No token - Permissioned blockchain
Based on consensus
Endorsement policies for transactions approvals
Private Channels for sharing confidential information

Components of Hyperledger fabric

Peers

These are the network services that maintain the ledger. It receives ordered update messages for committing the new transaction to the ledger and to run the smart contacts.

Committing peers

It commits transactions and maintains the ledger & state.

Endorsing peers

It receives transactions for endorsement and it verifies whether the transaction fulfills all the necessary and sufficient conditions. Thereby the Endorsing peer responds by granting or denying the endorsement.

Ordering service or Orderers

It approves the inclusion of blocks into the ledger. It communicates with peers and endorsing peers. It provides a shared communication channel to clients and peers over which the transaction can be broadcasted.

Channels

These are subnets of the peer network which shares a single ledger. It is used to restrict access to the transaction with involved parties. It means clients only can see the messages and their associated transactions of the channels they are connected to and are unaware of other channels.

Certificate authorities

It provides identity services to participants on the network. It manages different types of certificates required to run the blockchain.

Smart contracts

It’s the transaction logic running on each invocation call. Transaction invocation results in updating or querying the ledger state.

Consensus

It’s the process by which the agreement is obtained on the peer network. It is responsible for consistently replicating the ledger and for agreeing on new blocks.

Shared ledger

It is an immutable record of all transactions on the network. It’s a collection of records that all participants on the network can access.

Client

It is an End-user application which must be connected to the Blockchain through a peer.

Architecture of Hyperledger Fabric v1

How does it works?

Client application / SDK submits a transaction proposal for a chaincode by targeting the required peers. All the Endorser peers will execute the transactions. These transactions will not be updated in the ledger as it is only to endorse. Once endorsement is completed, it is signed by the endorser and returned to the client. The client then submits the transaction to the Orderer. It is then the Ordering service collects the transaction in blocks and distributes to the committing peers. These committing peers then deliver to other peers using gossip. There are different ordering algorithms are available such as SOLO (single node, development), Kafka, SBFT.

Committing peers validate the transactions against the endorsement policy and also check whether the transactions are valid for the current state. After all these processes the transactions are written into the ledger. Client applications are notified when the transactions are succeeded or failed and also when the blocks are added into the ledger if they are registered for the notification. The client application will also be notified by each peer to which they are connected to.

Conclusion

I have given an overview of what Blockchain is and high-level view of Hyperledger fabric. This approach can be used across various business areas like finance, supply chain, trade, etcs.

DevOps tool-chain setup on Kubernetes cluster. Part - 1/3

Balaji SR — Sat, 23 Jun 2018 20:25:00 +0000

Introduction

DevOps has become a part of the software lifecycle management with CI/CD pipeline to deliver a change to production in an automated way.

In CI/CD pipeline the popular open source tools are Github for source code repository, Jenkins for Continuous Integration, build, test & deployment orchestration, SonarQube for static code analysis and Nexus for artifacts repository. There are many open source tools available for testing too. This article is not much about DevOps or CI/CD pipline rather it will describe how to create the CI/CD pipeline on Kubernetes cluster environment using kubectl.

Containers:

These are methods of operating system virtualization that allows us to run an application and its dependencies in resource-isolated processes. Containers allows a developer to package an application with parts it needs, such as libraries and other dependencies, and ship it all out as one package. There are many container options that are available and Docker is one such open source container which is very widely used.

Kubernetes:

It is a portable open-source platform for managing containerised workloads and services that facilitates both declarative configuration and automation. Kubernetes has become the default tool to manage the containers in most of the public, private & hybrid cloud and also on the bare metal systems.

This write-up describes on how to create Kubernetes cluster with Jenkins, Sonar, Nexus as pods on AWS cloud. It doesnt includes details about functionality of Jenkins, SonarQube, Nexus.

I have already write an article on setting up a Kubernetes cluster on AWS Cloud with one master and two worker nodes. For futher details refer the link - https://dev.to/sr_balaji/kubernetes-cluster-setup-on-aws-13m6

Kubernetes components

The list of Kubernetes components that is used in this cluster are detalied below. I have provided a very high-level details on the Kubernetes components. For further details please refer https://kubernetes.io.

Cluster: It is set of a physical or virtual machine and, in Kubernetes, all machine are managed as a cluster.
Node: It is a worker machine in Kubernetes. It may be a Virtual or physical machine. (In this article I have used EC2 instance to provision the Kubernetes Cluster)
Pod: It is a group of one or more containers (such as Docker containers), with shared storage/network, and a set of specifications to run the containers. A pod’s contents are always co-located, co-scheduled and runs in a shared context.
Deployment: It provides declarative updates for Pods and ReplicaSets.
Persistent Volume: It is a piece of storage in the cluster that has been provisioned by an administrator. It is a node in cluster resource.
Persistent Volume Claim: It is a request for storage by an user.
Service: It is an abstraction that defines a logical set of Pod(s)
Storageclass: It provides a way for administrators to describe the “classes” of storage they offer.

Kubernetes Cluster environment

In this Kubernetes cluster, I have created a single instance of the Jenkins, SonarQube & Nexus and configured in such a way that one instance of these servers is always available. The data of these servers are persisted, and even in the event of these servers getting crashed, it rebuilds automatically with the data that are preserved.

I have created separate storage class for Jenkins, SonarQube & Nexus with data persistence. Each of the servers are available as a separate pod with their ports exposed as a service. I have used deployment to create pods for individual tools.

Jenkins Setup on the Kubernetes cluster

Jenkins is an open source Continuous Integration (CI)/Continuous Delivery (CD) orchestration tool. It offers a simple way to set up a CI/CD environment for any languages & source code repositories. I have created the following list of Kubernetes components to host Jenkins server on the cluster.

Storage class for Jenkins

I have created the storage class on the cluster for Jenkins data.

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: jenkins-storage
  labels: 
    app: jenkins-storage
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  zone: eu-west-2a
allowVolumeExpansion: true

Persistent Volume for Jenkins

I have created a Persistent Volume claim and allocated 2GB as the storage space to presist Jenkins data.

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: jenkins-data
  annotations:
    volume.beta.kubernetes.io/storage-class: "jenkins-storage"
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi

Deployment for Jenkins

I have created a deployment script which pulls the Jenkins official image from internet and I have configured Jenkins with the default port 8080. Its data are persisted on the persistent volume which is created in the previous step. This deployment is created with single Replica which means Kubernetes will make sure that one instance of Jenkins is always up & running. In this configuration the port is not exposed to the cluster which will be covered in the next section.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
      containers:
      - name: jenkins
        image: jenkins:2.60.3
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
        volumeMounts:
          - name: jenkins-home
            mountPath: /var/jenkins_home
      volumes:
        - name: jenkins-home
          persistentVolumeClaim:
            claimName: jenkins-data

Service for Jenkins

I have created a Service to expose Jenkins on port 9500 rather than on its default port.

apiVersion: v1
kind: Service
metadata:
  name: jenkins
  labels:
    app: jenkins
spec:
  type: NodePort
  ports:
    - port: 9500
      targetPort: 8080
      name: jenkinsport
  selector:
    app: jenkins
  type: LoadBalancer

I have created storage class, persistent volume, deployment, and service for Jenkins so far. All the components for Jenkins are created and it is up running.

$kubectl get deployment
$kubectl get pod
$kubectl get svc

Conclusion

In this article, I have covered on how to setup Jenkins with single Replicaset on a Kubernetes cluster. I will cover the setup of SonarQube and Nexus in the next articles.

Note:

yaml files are space sensitive and the scripts that are available in this article might have tab spaces instead of whitespace. These scripts will fail, if you copy and paste without changing the tab to whitespace.

Kubernetes cluster setup on AWS

Balaji SR — Fri, 22 Jun 2018 15:21:27 +0000

Kubernetes

It is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.

In this article, I am going to setup a Kubernetes cluster on AWS cloud environment up for which I am going to use a tool called KOPS.

What is KOPS? kops is an opinionated provisioning system with

Fully automated installation
Uses DNS to identify clusters
Self-healing: everything runs in Auto-Scaling Groups
Limited OS support (Debian preferred, Ubuntu 16.04 supported, early support for CentOS & RHEL)
High-Availability support
Direct provision or terraform manifest generation

Pre-requisite

As a part of the setup, I would need an Ubuntu or Debian instance with latest updates and other supporting utility/tools like AWS-CLI, S3 bucket, Hosted Zone on Route 53 and a registered domain. In this article, I am going to use Ubuntu instance to launch my cluster.

Ubuntu EC2-instance

Let me launch an AWS EC2 Ubuntu instance and update with the latest packages.

$sudo apt-get update

$sudo apt-get -y upgrade

kops installation

I have downloaded the latest version of kops and changed the permission before moving it to /usr/local/bin

$ wget -O kops https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64

$ chmod +x kops

$ sudo mv kops /usr/local/bin/

kubectl installation

I have downloaded the latest version of the kubectl and changed the permission before moving it to /usr/local/bin

$ curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
$ chmod +x kubectl
$ sudo mv kubectl /usr/local/bin/

AWS CLI

I have installed AWS CLI to access the AWS instance from the command line to create Kubernetes cluster.

$ sudo apt-get install python-pip
$ pip install --upgrade pip
$ sudo pip install awscli

IAM user creation

On AWS console, I have created a new IAM user (for example kops) with full access and saved the access keys as it would be used to configure the AWS CLI. Then I have copied both AWS access key ID and AWS secret access key for later usage.

On the EC2 instance, I have configured the newly created AWS IAM user with following commands

$aws configure

AWS Access Key ID [None]:  AWS Secret Access Key [None]: Default region name [None]: < Optional : Please enter the region or blank for default>
Default output format [None]: < Optional : Please enter the output format or blank for default>

On the same the EC2 instance, I have generated a key pair for AWS EC2 user. It will be used to connect to the kubernetes cluster which I am going to create. In my case, as it is Ubuntu user the ssh keys by default are stored in .ssh folder of the user home directory.

$ ssh-keygen

Domain creation

I have created a domain for the cluster user "kops" and DNS for discovery which will be used inside the cluster and to reach the kubernetes API server from the client. It should have a valid DNS name. I recommend using a subdomain for the cluster configuration.

An existing domain or a new domain can be used. In this example, I have created a new domain and hosted it on dot.tk which is a free domain provider.

Domain registration on dot.tk / freenom.com:

I have registered a new domain on freenom.com with the name k8sclustersetup.tk which I going to use for my Kubernetes cluster.

Create Hosted Zone

On AWS console, I have created a new Hosted zone on router 53. I have logged into AWS console, navigate to router53 DNS management and created new Hosted Zone. It's advisable to create a subdomain. This creates a set of name servers which can be copied for later usage. I have copied the name server details which starts with ns-xxx.awsdns-xx.com, ns-xxx.awsdns-xx.co.uk, ns-xxx.awsdns-xx.org, ns-xxx.awsdns-xx.net.

These NameServer (NS) values should be updated on the domain service provider. In this setup, I have updated the NS details on freenom.com.

S3 bucket creation

I have created a new S3 bucket with a meaningful name (for example "kopsclusterdemo") which is used to store the cluster state. Kubernetes uses S3 to store the cluster details like configuration, keys, etc.

With this, all the pre-requisite has been setup and the environment is ready to create and launch the Kubernetes cluster.

Kubernetes cluster creation

For learning purpose, I have chosen the t2.micro which is a free EC2 instance. I have executed the below command to create the kubernetes cluster with one master and 2 worker nodes.

$ kops create cluster --name=k8sclustersetup.tk --state=s3://kopsclusterdemo --zones=eu-west-2a --node-count=2 --node-size=t2.micro --master-size=t2.micro --dns-zone=k8sclustersetup.tk

$kops update cluster k8sclustersetup.tk --yes --state=s3://kopsclusterdemo

It takes a couple of minutes for the Kubernetes cluster to get created. To confirm whether the Kubernetes cluster got created I have used the below command to list the cluster details.

$kops get cluster --state=s3://kopsclusterdemo

Cluster node details can be listed by issuing the below command.

$kubectl get node

Conclusion

In this article, the details to install and configure Kubernets cluster on AWS has been provided.