This project involves setting up a three-tier architecture (Proxy, Backend, Database) on Kubernetes. Each tier is deployed as a Kubernetes Deployment with two replicas for redundancy. All resources are organized under the `webapp` namespace. The project also integrates a Persistent Volume (PV) and a Persistent Volume Claim (PVC) for data persistence and a Secret for database credentials.

- Namespace (`ns.yaml`):
  - A separate namespace, `webapp`, is used to isolate all resources in the project.

  ```yaml
  apiVersion: v1
  kind: Namespace
  metadata:
    name: webapp
  ```

- Backend Deployment (`backend-deployment.yaml`):
  - This deployment runs two replicas of the backend application.
  - The secret for database credentials (`db-secret`) is mounted as a volume.
  - An init container pre-configures secrets before the backend container starts: it copies the password from the mounted secret into a shared `emptyDir` volume at `/run/secrets`.

  ```yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: backend-deployment
    namespace: webapp
    labels:
      app: backend-deployment
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: backend
    template:
      metadata:
        labels:
          app: backend
      spec:
        volumes:
          - name: db-password
            secret:
              secretName: db-secret
          - name: pre-install
            emptyDir: {}
        initContainers:
          - name: pre-install
            image: busybox
            command: ['sh', '-c', 'cat /db-secret/db-password >> /run/secrets/db-password']
            volumeMounts:
              - name: db-password
                mountPath: "/db-secret"
              - name: pre-install
                mountPath: "/run/secrets"
        containers:
          - name: backend
            image: omarbanna/backend10:latest
            imagePullPolicy: Never
            ports:
              - containerPort: 8000
            volumeMounts:
              - name: pre-install
                mountPath: "/run/secrets"
              - name: db-password
                mountPath: "/db-secret"
  ```

- Backend Service (`backend-service.yaml`):
  - A `ClusterIP` service for the backend to allow internal communication between other pods.

  ```yaml
  apiVersion: v1
  kind: Service
  metadata:
    name: backendservice
    namespace: webapp
  spec:
    selector:
      app: backend
    ports:
      - protocol: TCP
        port: 8000
        targetPort: 8000
  ```

- Database Deployment (`db-deployment.yaml`):
  - Runs a MySQL database with one replica.
  - The database password is sourced from the secret `db-secret`.
  - Persistent storage is managed using a PVC (`my-pvc`).

  ```yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: database-deployment
    namespace: webapp
    labels:
      app: database-deployment
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: database
    template:
      metadata:
        labels:
          app: database
      spec:
        volumes:
          - name: db-password
            secret:
              secretName: db-secret
          - name: db-data
            persistentVolumeClaim:
              claimName: my-pvc
        containers:
          - name: database
            image: mysql:8.0
            env:
              - name: MYSQL_ROOT_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: db-secret
                    key: db-password
              - name: MYSQL_DATABASE
                value: "example"
            ports:
              - containerPort: 3306
            volumeMounts:
              - name: db-data
                mountPath: "/var/lib/mysql"
  ```

- Database Service (`db-service.yaml`):
  - A `ClusterIP` service for the database, allowing internal access to the MySQL instance from other services.

  ```yaml
  apiVersion: v1
  kind: Service
  metadata:
    name: db
    namespace: webapp
  spec:
    selector:
      app: database
    ports:
      - protocol: TCP
        port: 3306
        targetPort: 3306
  ```

- Proxy Deployment (`proxy-deployment.yaml`):
  - Runs the proxy with two replicas.
  - Configured to forward traffic to the backend.

  ```yaml
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: proxy-deployment
    namespace: webapp
    labels:
      app: proxy-deployment
  spec:
    replicas: 2
    selector:
      matchLabels:
        app: proxy
    template:
      metadata:
        labels:
          app: proxy
      spec:
        containers:
          - name: proxy
            image: omarbanna/proxy10:latest
            imagePullPolicy: IfNotPresent
            ports:
              - containerPort: 443
  ```

- Proxy Service (`proxy-service.yaml`):
  - A `NodePort` service for external access to the proxy, exposing it on port `30002`.

  ```yaml
  apiVersion: v1
  kind: Service
  metadata:
    name: proxy-service
    namespace: webapp
  spec:
    selector:
      app: proxy
    type: NodePort
    ports:
      - name: https
        protocol: TCP
        port: 443
        targetPort: 443
        nodePort: 30002
  ```

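- Persistent Volume (`PV.yaml`):
  - A 5GB persistent volume for the database storage.

  ```yaml
  apiVersion: v1
  kind: PersistentVolume
  metadata:
    name: db-pv
    # PersistentVolumes are cluster-scoped, so this namespace field is ignored.
    namespace: webapp
  spec:
    capacity:
      storage: 5Gi
    storageClassName: standard
    accessModes:
      - ReadWriteMany
    persistentVolumeReclaimPolicy: Retain
    # hostPath stores the data in a directory on the node's own filesystem.
    hostPath:
      path: "/var/mysql"
  ```
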
- Persistent Volume Claim (`PVC.yaml`):
  - A 1GB persistent volume claim used by the MySQL database.

  ```yaml
  apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    name: my-pvc
    namespace: webapp
  spec:
    accessModes:
      - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi
  ```

- Credentials Volume (`credentials-Volume.yaml`):
  - The `db-credentials.txt` secret is mounted in the backend and database deployments, providing secure access to sensitive data.

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: db-secret
    namespace: webapp
  data:
    # Values under data are base64-encoded, not encrypted.
    db-password: U3Ryb25nUEBzc3cwcmQyMDI0
  ```

- Namespace Isolation: All resources are contained within the `webapp` namespace, ensuring isolation.
- Service Communication: The proxy communicates with the backend using the `ClusterIP` service, while the backend communicates with the database service.
- Data Persistence: The MySQL database uses a persistent volume claim (`PVC`) to ensure data persistence across pod restarts.
- Secret Management: Sensitive database credentials are stored in a Kubernetes Secret instead of being written into the pod specs, and are mounted into the appropriate pods. The Secret's `data` value is base64-encoded, not encrypted.
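
The tier-to-tier flow described above (proxy to backend on 8000, backend to database on 3306) is not enforced by the namespace or the `ClusterIP` services alone, because by default any pod in the cluster can reach any other pod. The NetworkPolicy set below is an added example, not part of the original project: the policy names are hypothetical, the labels and ports are taken from the manifests above, and it assumes the cluster's CNI plugin enforces NetworkPolicy.

```yaml
# Added example: policy names are hypothetical; labels and ports come from the manifests above.
# Assumes a CNI plugin that enforces NetworkPolicy.
# 1. Deny all ingress to every pod in webapp unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: webapp
spec:
  podSelector: {}
  policyTypes: [Ingress]
---
# 2. The proxy is the only externally reachable tier (NodePort 30002 -> 443).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: proxy-allow-https
  namespace: webapp
spec:
  podSelector: {matchLabels: {app: proxy}}
  ingress:
    - ports:
        - {protocol: TCP, port: 443}
---
# 3. Only proxy pods may reach the backend, and only on 8000.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-from-proxy
  namespace: webapp
spec:
  podSelector: {matchLabels: {app: backend}}
  ingress:
    - from:
        - podSelector: {matchLabels: {app: proxy}}
      ports:
        - {protocol: TCP, port: 8000}
---
# 4. Only backend pods may reach MySQL, and only on 3306.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: database-from-backend
  namespace: webapp
spec:
  podSelector: {matchLabels: {app: database}}
  ingress:
    - from:
        - podSelector: {matchLabels: {app: backend}}
      ports:
        - {protocol: TCP, port: 3306}
```

With these applied, a proxy pod connecting directly to `db:3306` is refused, while the proxy to backend to database path keeps working.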