From 7f0ffe5610174eaea80aed06c1b586ebf0de2b93 Mon Sep 17 00:00:00 2001 From: Thomas Geiger Date: Wed, 3 Jul 2024 16:41:37 +0200 Subject: [PATCH] manifests for deployment --- DEMO.md | 301 +++++++++++++++++++++++++++++- manifests/app-namespace.yml | 4 + manifests/backend-deployment.yml | 19 ++ manifests/backend-service.yml | 12 ++ manifests/demo-namespace.yml | 4 + manifests/demo-pod.yml | 10 + manifests/frontend-deployment.yml | 19 ++ manifests/frontend-service.yml | 12 ++ manifests/network-policy.yml | 29 +++ 9 files changed, 409 insertions(+), 1 deletion(-) create mode 100644 manifests/app-namespace.yml create mode 100644 manifests/backend-deployment.yml create mode 100644 manifests/backend-service.yml create mode 100644 manifests/demo-namespace.yml create mode 100644 manifests/demo-pod.yml create mode 100644 manifests/frontend-deployment.yml create mode 100644 manifests/frontend-service.yml create mode 100644 manifests/network-policy.yml diff --git a/DEMO.md b/DEMO.md index 938b1c5..503256f 100644 --- a/DEMO.md +++ b/DEMO.md 
@@ -42,4 +42,303 @@ Clone the repository to your local machine: ```bash git clone https://github.com/your-username/your-repo.git -cd your-repo \ No newline at end of file +cd your-repo +``` + +### Docker Images + +#### Backend + +1. **Create `requirements.txt`**: + + Create a `requirements.txt` file in the `backend` directory: + + ```plaintext + flask + ``` + +2. **Create `Dockerfile`**: + + Create a `Dockerfile` in the `backend` directory: + + ```dockerfile + FROM python:3.9-slim + + WORKDIR /app + + COPY requirements.txt requirements.txt + RUN pip install -r requirements.txt + + COPY app.py /app + + CMD ["python", "app.py"] + ``` + +3. **Build and Push Docker Image**: + + Build and push the Docker image for the backend application: + + ```bash + cd backend + docker build -t ghcr.io/your-username/backend-demo:latest . + docker push ghcr.io/your-username/backend-demo:latest + cd .. + ``` + +#### Frontend + +1. **Create `requirements.txt`**: + + Create a `requirements.txt` file in the `frontend` directory: + + ```plaintext + flask + requests + ``` + +2. **Create `Dockerfile`**: + + Create a `Dockerfile` in the `frontend` directory: + + ```dockerfile + FROM python:3.9-slim + + WORKDIR /app + + COPY requirements.txt requirements.txt + RUN pip install -r requirements.txt + + COPY frontend.py /app + + CMD ["python", "frontend.py"] + ``` + +3. **Build and Push Docker Image**: + + Build and push the Docker image for the frontend application: + + ```bash + cd frontend + docker build -t ghcr.io/your-username/frontend-demo:latest . + docker push ghcr.io/your-username/frontend-demo:latest + cd .. + ``` + +### Deploy to Kubernetes + +#### Backend Deployment + +1. 
**Create `backend-deployment.yaml`**: + + ```yaml + apiVersion: apps/v1 + kind: Deployment + metadata: + name: flask-api + spec: + replicas: 3 + selector: + matchLabels: + app: flask-api + template: + metadata: + labels: + app: flask-api + spec: + containers: + - name: flask-api + image: ghcr.io/your-username/backend-demo:latest + ports: + - containerPort: 80 + --- + apiVersion: v1 + kind: Service + metadata: + name: flask-api-service + spec: + selector: + app: flask-api + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP + ``` + +2. **Apply Backend Deployment**: + + ```bash + kubectl apply -f deployment/backend-deployment.yaml + kubectl apply -f deployment/backend-service.yaml + ``` + +#### Frontend Deployment + +1. **Create `frontend-deployment.yaml`**: + + ```yaml + apiVersion: apps/v1 + kind: Deployment + metadata: + name: frontend + spec: + replicas: 1 + selector: + matchLabels: + app: frontend + template: + metadata: + labels: + app: frontend + spec: + containers: + - name: frontend + image: ghcr.io/your-username/frontend-demo:latest + ports: + - containerPort: 80 + --- + apiVersion: v1 + kind: Service + metadata: + name: frontend-service + spec: + selector: + app: frontend + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: LoadBalancer + ``` + +2. **Apply Frontend Deployment**: + + ```bash + kubectl apply -f deployment/frontend-deployment.yaml + kubectl apply -f deployment/frontend-service.yaml + ``` + +#### Network Policy + +1. **Create `network-policy.yaml`**: + + ```yaml + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-frontend-to-backend + spec: + podSelector: + matchLabels: + app: backend + policyTypes: + - Ingress + ingress: + - from: + podSelector: + matchLabels: + app: frontend + ports: + - protocol: TCP + port: 80 + ``` + +2. **Apply Network Policy**: + + ```bash + kubectl apply -f deployment/network-policy.yaml + ``` + +#### Demo Pod for Verification + +1. 
**Create `demo-pod.yaml`**: + + ```yaml + apiVersion: v1 + kind: Namespace + metadata: + name: demo-namespace + --- + apiVersion: v1 + kind: Pod + metadata: + name: demo-pod + namespace: demo-namespace + spec: + containers: + - name: demo-container + image: busybox + command: ["sh", "-c", "sleep 3600"] + ``` + +2. **Apply Demo Pod**: + + ```bash + kubectl apply -f deployment/demo-pod.yaml + ``` + +## Verify Network Policy + +1. **Test from Demo Pod**: + + Execute a shell inside the demo pod to test connectivity to the backend service: + + ```bash + kubectl exec -it demo-pod -n demo-namespace -- sh + ``` + + Inside the shell, try to connect to the backend service: + + ```sh + wget -qO- http://flask-api-service.default.svc.cluster.local/api + ``` + + You should see that the connection is refused or times out, demonstrating that the network policy is effectively blocking traffic from the demo pod to the backend service. + +2. **Test from Frontend Pod**: + + Similarly, you can verify that the frontend pod can communicate with the backend service. + + ```bash + kubectl exec -it -- sh + ``` + + Inside the shell, try to connect to the backend service: + + ```sh + wget -qO- http://flask-api-service.default.svc.cluster.local/api + ``` + + You should see a successful response from the backend service. + +## Cleanup + +To clean up the resources, delete the created Kubernetes resources and namespaces: + +```bash +kubectl delete -f deployment/backend-deployment.yaml +kubectl delete -f deployment/backend-service.yaml +kubectl delete -f deployment/frontend-deployment.yaml +kubectl delete -f deployment/frontend-service.yaml +kubectl delete -f deployment/network-policy.yaml +kubectl delete namespace demo-namespace +``` + +## License + +This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details. 
+
+## Acknowledgments
+
+- [Flask](https://flask.palletsprojects.com/)
+- [Kubernetes](https://kubernetes.io/)
+
+This `DEMO.md` includes instructions for:
+
+- Cloning the repository.
+- Building and pushing Docker images for both the backend and frontend applications.
+- Deploying the applications and network policy to a Kubernetes cluster.
+- Verifying the network policy.
+- Cleaning up resources.
+
+This should provide a comprehensive guide for anyone looking to understand and deploy the project.
\ No newline at end of file
diff --git a/manifests/app-namespace.yml b/manifests/app-namespace.yml
new file mode 100644
index 0000000..5ebeb39
--- /dev/null
+++ b/manifests/app-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: demo-cni-app
\ No newline at end of file
diff --git a/manifests/backend-deployment.yml b/manifests/backend-deployment.yml
new file mode 100644
index 0000000..a424910
--- /dev/null
+++ b/manifests/backend-deployment.yml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: flask-api
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: flask-api
+ template:
+ metadata:
+ labels:
+ app: flask-api
+ spec:
+ containers:
+ - name: flask-api
+ image: ghcr.io/tom9eiger/backend-demo:latest
+ ports:
+ - containerPort: 80
diff --git a/manifests/backend-service.yml b/manifests/backend-service.yml
new file mode 100644
index 0000000..e6c30a3
--- /dev/null
+++ b/manifests/backend-service.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: flask-api-service
+spec:
+ selector:
+ app: flask-api
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/manifests/demo-namespace.yml b/manifests/demo-namespace.yml
new file mode 100644
index 0000000..b6d1867
--- /dev/null
+++ b/manifests/demo-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: debug-pods
\ No newline at end of file
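Review bot: The `demo-cni-app` namespace created in `manifests/app-namespace.yml` is not referenced by any other manifest in this patch. The Deployments, Services and the NetworkPolicy carry no `metadata.namespace`, so they are created in whatever namespace the kubectl context points at, and DEMO.md's test URL assumes `default`. NetworkPolicy is namespace-scoped, so the isolation being demonstrated then applies outside the namespace this file sets up. Either add `namespace: demo-cni-app` under `metadata:` in each app manifest and adjust the service URL in DEMO.md, or drop this file.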
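Review bot: The container in `manifests/backend-deployment.yml` has no `securityContext` and pulls the mutable tag `ghcr.io/tom9eiger/backend-demo:latest`, so the pod runs as the image's default user with whatever was last pushed under that tag. I would pin the image to a release tag or digest, e.g. `image: ghcr.io/tom9eiger/backend-demo@sha256:<digest>` (placeholder), and add a container-level `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`. The Dockerfile shown in DEMO.md sets no `USER`, so the image presumably runs as root and would need a non-root user before `runAsNonRoot` admits it. The same applies to `manifests/frontend-deployment.yml`, and both also lack resource `requests`/`limits`.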
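Review bot: `manifests/demo-namespace.yml` creates a namespace named `debug-pods`, but `manifests/demo-pod.yml` places the pod in `namespace: demo-namespace`, which nothing under `manifests/` creates. Applying the pod manifest will therefore fail unless that namespace already exists. DEMO.md's exec and cleanup commands also use `demo-namespace`. Rename this one to match, `name: demo-namespace`, or change the pod manifest and the docs to `debug-pods`.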
diff --git a/manifests/demo-pod.yml b/manifests/demo-pod.yml
new file mode 100644
index 0000000..0d2dc55
--- /dev/null
+++ b/manifests/demo-pod.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: demo-pod
+ namespace: demo-namespace
+spec:
+ containers:
+ - name: demo-container
+ image: busybox
+ command: ["sh", "-c", "sleep 3600"]
\ No newline at end of file
diff --git a/manifests/frontend-deployment.yml b/manifests/frontend-deployment.yml
new file mode 100644
index 0000000..5297a54
--- /dev/null
+++ b/manifests/frontend-deployment.yml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ labels:
+ app: frontend
+ spec:
+ containers:
+ - name: frontend
+ image: ghcr.io/tom9eiger/frontend-demo:latest
+ ports:
+ - containerPort: 80
diff --git a/manifests/frontend-service.yml b/manifests/frontend-service.yml
new file mode 100644
index 0000000..cd15d81
--- /dev/null
+++ b/manifests/frontend-service.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend-service
+spec:
+ selector:
+ app: frontend
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/manifests/network-policy.yml b/manifests/network-policy.yml
new file mode 100644
index 0000000..764f8ea
--- /dev/null
+++ b/manifests/network-policy.yml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-frontend-to-backend
+spec:
+ podSelector:
+ matchLabels:
+ app: flask-api
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ podSelector:
+ matchLabels:
+ app: frontend
+ ports:
+ - protocol: TCP
+ port: 80
+# ---
+# apiVersion: networking.k8s.io/v1
+# kind: NetworkPolicy
+# metadata:
+# name: deny-all-other-traffic
+# spec:
+# podSelector:
+# matchLabels:
+# app: flask-api
+# policyTypes:
+# - Ingress
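Review bot: In `manifests/network-policy.yml`, `from:` in the ingress rule is followed directly by `podSelector:` with no list marker, but `from` is a list of peers. As written the API server should reject the policy, or the selector is not attached to `from` at all; the indentation is not recoverable from this page. It should read `- from:` followed by `- podSelector:`, with `matchLabels:` and `app: frontend` nested under that item. The copy of this policy in DEMO.md has the same shape and also selects `app: backend`, which matches none of the pods labelled `app: flask-api`, so that version would isolate nothing. The commented-out `deny-all-other-traffic` policy is redundant once this policy selects the backend pods with `policyTypes: Ingress`, and DEMO.md should say that enforcement depends on the cluster's CNI plugin implementing NetworkPolicy.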