- Assuming we have a Docker image in a registry for the two application services, the web API and Mongo DB, we then need to do the following:
- Define a deployment for Mongo DB using a
StatefulSet
; let's call this deploymentdb-deployment
. TheStatefulSet
should have one replica (replicating Mongo DB is a bit more involved and is outside of the scope of this book). - Define a Kubernetes service called
db
of typeClusterIP
for thedb-deployment.
- Define a deployment for the web API; let's call it
web-deployment
. Let's scale this service to three instances. - Define a Kubernetes service called
api
of typeNodePort
forweb-deployment.
- If we use secrets, then define those secrets directly in the cluster using
kubectl.
- Deploy the application using
kubectl.
- Define a deployment for Mongo DB using a
- To implement layer 7 routing for an application, we ideally use an
IngressController
. TheIngressController
is a reverse proxy such as Nginx that has a sidecar listening on the Kubernetes Server API for relevant changes and updating the reverse proxy's configuration and restarting it, if such a change has been detected. We then need to define Ingress resources in the cluster which define the routing, for example from a context-based route such ashttps://example.com/pets
to<a service name>/<port>
pair such asapi/32001
. The moment Kubernetes creates or changes this Ingress object, theIngressController
's sidecar picks it up and updates the proxy's routing configuration. - Assuming this is a cluster internal inventory service:
- When deploying version 1.0 we define a deployment called
inventory-deployment-blue
and label the pods with a labelcolor: blue.
- We deploy the Kubernetes service of type
ClusterIP
calledinventory
for the preceding deployment with the selector containingcolor: blue.
- When ready to deploy the new version of the payments service, we first define a deployment for version 2.0 of the service and call it
inventory-deployment-green
. We add a labelcolor: green
to the pods. - We can now smoke test the "green" service and when everything is OK, we can update the inventory service such as the selector contains
color: green
.
- When deploying version 1.0 we define a deployment called
- Some type of information that is confidential and thus should be provided to services through Kubernetes secrets include: passwords, certificates, API key IDs, API key secrets or tokens.
- Sources for secret values can be files or base64 encoded values.