Tuesday, March 12, 2019

IntelliJ, Eclipse and Java 11


https://blog.jetbrains.com/idea/2018/06/java-11-in-intellij-idea-2018-2/

you must install IDEA 2018.2 or greater. 2018.1 will not work, it supports only Java 10. It's a 500 MB monster so be patient.

https://www.jetbrains.com/idea/download/ download 2018.3.5 here

then configure the platform JDK with your installed JDK 11 (of course you must have installed this JDK from Oracle or OpenJDK!), with ALT-SHIFT-CONTROL-S (project structure/SDKs)



then configure Java 11 level (File/Project Structure/Modules and File/Project Structure/Project)



also don't forget the bytecode level (File/Settings/Java Compiler):





If you get the "invalid source release: 11" , it's possible that you misconfigured the "platform JDK"




For Eclipse it's much easier: install Eclipse 2018-09 (4.9), then install this add-on:

https://marketplace.eclipse.org/content/java-11-support-eclipse-2018-09-49

make sure you configure the JDK in the "installed JRA" preferences tab,

and when you create a new project, select jdk11 and create the module-info by default.
All works fine.




Monday, March 11, 2019

yipee.io, the online kubernetes yaml generator

I agree with every word written here:

https://yipee.io/wp-content/uploads/2018/10/yipee-whitepaper-oct-2018.pdf


beyond a very basic deployment, working directly with yaml files is suicidal.

I will explore this yipee and see if I can use it regularly, as replacement for a really primitive "vi mypod.yml"



Sunday, March 10, 2019

Kubernetes Java client to generate yaml files for you

If you - like me - hate having to type YAML by hand, you can take advantage of a pre-build K8S Model and YAML serialization tool:

https://github.com/fabric8io/kubernetes-client

<dependency>
    <groupId>io.fabric8</groupId>
    <artifactId>kubernetes-client</artifactId>
    <version>4.1.3</version>
</dependency>


import io.fabric8.kubernetes.api.model.Pod;
import io.fabric8.kubernetes.api.model.apps.DeploymentBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.internal.SerializationUtils;

public class KubernetesClientTest {
 public static void main(String[] args) throws JsonProcessingException {
  String yaml = SerializationUtils.dumpAsYaml(new DeploymentBuilder().withNewSpec().endSpec().build());
  System.out.println(yaml);
  
  KubernetesClient client = new DefaultKubernetesClient();
  Pod pod = new Pod();
  System.out.println(pod);
  String podyaml = SerializationUtils.dumpAsYaml(pod);
  System.out.println(podyaml);
 }

}




The model is incredibly rich.... one has only to learn how to use it...

good presentation of Azure Kubernetes

https://youtu.be/gmN732qN1Gg


The session is available also here https://myignite.techcommunity.microsoft.com/sessions/65005
and here https://mediusproduction.blob.core.windows.net/presentations/Ignite2018/BRK2396.pptx you can download the slides (on the movie the resolution is quite lame)

What is https://en.wikipedia.org/wiki/Microsoft_Ignite ?


Azure DevSpaces https://docs.microsoft.com/en-us/azure/dev-spaces/
it's a direct tie between Visual Studio and AKS, with debugging of containers.


Azure Container Registry https://docs.microsoft.com/en-us/azure/container-registry/

Namespace-level RBAC security access, using AD groups.

Key Vaults contain Kubernetes and Application secrets (NO certificates in container!)

ACI https://docs.microsoft.com/en-us/azure/container-instances/ Azure Container Instances

OSB https://github.com/azure/open-service-broker-azure

Training modules:

https://docs.microsoft.com/en-us/learn/azure/ Introduction to Azure

https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/3-tour-of-azure-services an introduction to Azure Services

Friday, March 8, 2019

Quarkus Kubernetes and Katacoda

https://quarkus.io/guides/kubernetes-guide

I open a Katacoda lab with minikube in it https://www.katacoda.com/courses/kubernetes/launch-single-node-cluster

First step: https://quarkus.io/guides/getting-started-guide.html

git clone https://github.com/quarkusio/quarkus-quickstarts.git
cd getting-started
mvn compile quarkus:dev

now open a new terminal and "curl http://localhost:8080/hello"



cd quarkus-quickstarts/
cd getting-started-kubernetes/

#install graalvm
mkdir /root/graalvm
cd /root/graalvm
curl -L -o graalvm-ce-1.0.0-rc13-linux-amd64.tar.gz https://github.com/oracle/graal/releases/download/vm-1.0.0-rc13/graalvm-ce-1.0.0-rc13-linux-amd64.tar.gz
tar xvfz graalvm-ce-1.0.0-rc13-linux-amd64.tar.gz
export GRAALVM_HOME=/root/graal/graalvm-ce-1.0.0-rc13

mvn packate -Pnative

here I get plenty of compilation errors, so I am giving up...


GraalVM is available here http://www.graalvm.org/downloads/
and more instructions here https://www.graalvm.org/docs/getting-started/






Kubernetes cheat sheet 3


Network Policies


kubectl get networkpolicy

kubectl describe networkpolicy

Name:         payroll-policy
Namespace:    default
Created on:   2019-03-08 08:47:51 +0000 UTC
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     name=payroll
  Allowing ingress traffic:
    To Port: 8080/TCP
    From:
      PodSelector: name=internal
  Allowing egress traffic:
    <none> (Selected pods are isolated for egress connectivity)
  Policy Types: Ingress


apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: internal-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      name: internal
  policyTypes:
  - Egress
  - Ingress
  ingress:
    - {}
  egress:
  - to:
    - podSelector:
        matchLabels:
          name: mysql
    ports:
    - protocol: TCP
      port: 3306

  - to:
    - podSelector:
        matchLabels:
          name: payroll
    ports:
    - protocol: TCP
      port: 8080




VOLUMES



https://portworx.com/basic-guide-kubernetes-storage/ good article

https://kubernetes.io/docs/concepts/storage/volumes/


https://kubernetes.io/docs/concepts/storage/persistent-volumes/

kind: PersistentVolume
apiVersion: v1
metadata:
  name: task-pv
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteOnce
  awsElasticBlockStore:
    volumeID: vol-867g5kii
    fsType: ext4


https://github.com/kodekloudhub/kubernetes-challenge-1-wordpress







Wednesday, March 6, 2019

Exploring VS Code plugin for Kubernetes

Crafting yaml by hand is not ideal.

Install VS Code:

https://linuxize.com/post/how-to-install-visual-studio-code-on-centos-7/


the simply type "code" ( I could not find the shortcut in Applications/Programming)

ctrl-shift-X , type "Kubernetes", and install the first one (by Microsoft)

and also "Kubernetes Tools" https://marketplace.visualstudio.com/items?itemName=ms-kubernetes-tools.vscode-kubernetes-tools

https://github.com/Azure/vscode-kubernetes-tools source code here


https://code.visualstudio.com/docs/azure/kubernetes

Of course you must have AKS CLI installed https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-latest

When you start "code" and click on the Kubernetes icon on the left, you get all the clusters listed in /home/centos/.kube/config file




Tuesday, March 5, 2019

Kubernetes cheat sheet 2

Namespaces


kubectl get pods --namespace=dev
kubectl get pods --namespace=default

kubectl config set-context $(kubectl config current-context) --namespace=dev


ConfigMap


kubectl create configmap myconfigmap --from-literal=APP_COLOR=blue
kubectl create -f myconfigmap.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
data:
  APP_COLOR: blue
  APP_MODE: prod

then you inject into a container definition using
envFrom: 
- configMapRef
    name: myconfigmap

kubectl get configmaps
kubectl describe configmaps db-config


Secrets


kubectl create secret generic mysecret --from-literal=mykey=myvalue

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
data:
  DBHost: mysql
  DBUser: root
  DBPassword: password


kubectl create -f secret_data.yaml


SECURITY

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

you can declare at Pod or container level:

spec:
  securityContext:
    runAsUser: 1000
    capabilities:
      add: ["MAC_ADMIN"]

#check which user runs the container
kubectl exec ubuntu-sleeper whoami



kubectl create serviceaccount dashboard-sa
kubectl get serviceaccount
kubectl describe serviceaccount dashboard-sa
kubectl describe secret dashboard-sa-account-token

curl https://myip/api -insecure --header "Authorization: Bearer PASTE_THE_TOKEN_HERE"

#change serviceaccount for a deployment
kubectl --record deployment.apps/web-dashboard set serviceaccount dashboard-sa



RESOURCES


resources:
  requests:
    memory: "1Gi"
    cpu: 1




Taints and Tolerations


kubectl taint nodes node-name key=value:taint-effect

taint-effect can be: NoSchedule, PreferNoSchedule, NoExecute

key=value can be app=blue


tolerations:
- key: "app"
operator: "Equal"
value: "blue"
effect: "NoSchedule"



to remove taint:

kubectl taint nodes master node-role.kubernetes.io/master:NoSchedule-


NODE SELECTOR


nodeSelector:
  size: Large


where size is a key and Large a value

to label a node:
kubectl label node mynode key=value

affinity:
 nodeAffinity:
   requiredDuringSchedulingIgnoredDuringExecution:
  nodeSelectorTerms:
  - matchExpressions:
    - key: color
   operator: In
   values:
   - blue
  


Readiness Probe


https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/

in the spec/containers/ section for each container:

readinessProbe:
  httpGet:
    path: /api/ready
    port: 8080
  initialDelaySeconds: 10
  periodSeconds: 5

beside httpGet you can have: "tcpSocket: port:", "exec: command:"



Liveness Probe


livenessProbe:
  httpGet:
    path: /api/ready
    port: 8080





Sunday, March 3, 2019

Kubernetes cheat sheet 1

https://kubernetes.io/docs/reference/kubectl/cheatsheet/

alias k=kubectl

PODS


https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/

kubectl run nginx --image=nginx


kubectl create -f nginx.yml


apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
    - name: nginx-container
      image: nginx


kubectl describe pods nginx-pod


kubectl get pods -o wide

kubectl edit pod nginx-pod

kubectl delete pod nginx-pod


kubectl get pod pod-name -o yaml > pod-definition.yaml

Replication Controller


kubectl create -f rc-definition.yml

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
  spec:
    replicas: 3
    selector:
      app: nginx
    template:
      metadata:
        name: nginx
        labels:
          app: nginx
      spec:
        containers:
          - name: nginx
            image: nginx
            ports:
              - containerPort: 80

kubectl get rc


Replica Set


kubectl create -f rs-definition.yml

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: frontend
  labels:
    app: guestbook
    tier: frontend
spec:
# modify replicas according to your case
  replicas: 3
  selector:
    matchLabels:
      tier: frontend
  template:
    metadata:
      labels:
      tier: frontend
    spec:
      containers:
        - name: php-redis
          image: gcr.io/google_samples/gb-frontend:v3

kubectl get replicaset

kubectl describe replicaset

kubectl replace

kubectl scale --replicas=3 rs/myrs

kubectl get rs myrs -o yaml


Deployments


https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

kubectl create -f mydeployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.7.9
          ports:
            - containerPort: 80

kubectl get all






Excellent Kubernetes Developer Certification training on Udemy

https://www.udemy.com/certified-kubernetes-application-developer for only 11 USD !

Mumshad Mannambeth is a fantastic trainer, focusing on concepts but analyzing every detail in a very visual manner.



Hands On Full Stack Development with Spring Boot 2.0 and React by Juha Hinkula




you are warned: "incula" is a terrible word in Italian, so if you talk about this book with Italians you should be very careful.

https://github.com/PacktPublishing/Hands-On-Full-Stack-Development-with-Spring-Boot-2.0-and-React


Better to install MariaDB.

If you want to change root password:

cd D:\Program Files\MariaDB 10.3\bin

mysqladmin.exe --user=root --password=oldpassword password "newpassword"

to connect

mysql -u root -p

create database cardb



For chapter04, password can be replaced with "pippo" (bcrypted the value is $2a$04$ryGKh2NmcAj.dRzU/MDDVeTApJAMrfbyzVVGlclK8u/HLrTamBH5m )


curl -u admin:pippo http://localhost:8080/api (this will fail because you need a valid JWT token)

then the POST to localhost:8080/login must have a body {"username": "admin", "password": "pippo" }

and in the Authorization header you get Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTU1MTY0Nzg3OX0.DlHNCsxwasv4wjZcar2afWWx5ispQWFfIfL6NEnsrDYucLqPQWO53WcmUUDJfw12t0ux-9P-HzwF8qKnd1SNDg