K8s Resume Challenge: Containerization
Kubernetes is a container orchestration system. With that said, it is only appropriate that our workloads be containerized.
Our “product” consists of a KodeKloud e-commerce site backed by a MariaDB database. To reach our goal of having it all managed via Kubernetes, the first step is to containerize the website and the database.
First, let us focus on the web app.
FROM php:7.4-apache
RUN docker-php-ext-install mysqli
COPY --chown=www-data:www-data --chmod=755 . /var/www/html/
EXPOSE 80
Short and sweet. (And can be better. But for now, it’ll do.)
Next, we’re going to use the official mariadb image.
To test quickly without relying on a Kubernetes cluster, we’ll write a Docker Compose file that runs both containers together.
---
services:
  mariadb:
    image: mariadb
    container_name: mariadb
    restart: unless-stopped
    environment:
      - MARIADB_ROOT_PASSWORD=ecompassword
    volumes:
      - ./sql/:/docker-entrypoint-initdb.d
    ports:
      - 3306:3306
  web:
    image: ariyonaty/ecom-web:v1
    container_name: web
    ports:
      - 80:80
    environment:
      - DB_HOST=mariadb
      - DB_USER=ecomuser
      - DB_PASSWORD=ecompassword
      - DB_NAME=ecomdb
As you can see… very secure.
Notice that we mount a volume into the mariadb container. This contains a few SQL initialization scripts. The first script sets up the database user and password that will be used by the application.
CREATE USER 'ecomuser'@'%' IDENTIFIED BY 'ecompassword';
GRANT ALL PRIVILEGES ON *.* TO 'ecomuser'@'%';
FLUSH PRIVILEGES;
The second script creates the database we will be using for the application and populates it with some data.
CREATE DATABASE ecomdb;
USE ecomdb;
CREATE TABLE products
  (
     id       MEDIUMINT(8) UNSIGNED NOT NULL auto_increment,
     name     VARCHAR(255) DEFAULT NULL,
     price    VARCHAR(255) DEFAULT NULL,
     imageurl VARCHAR(255) DEFAULT NULL,
     PRIMARY KEY (id)
  )
auto_increment=1;
INSERT INTO products
            (name,
             price,
             imageurl)
VALUES      ("laptop",
             "100",
             "c-1.png"),
            ("drone",
             "200",
             "c-2.png"),
            ("vr",
             "300",
             "c-3.png"),
            ("tablet",
             "50",
             "c-5.png"),
            ("watch",
             "90",
             "c-6.png"),
            ("phone covers",
             "20",
             "c-7.png"),
            ("phone",
             "80",
             "c-8.png"),
            ("laptop",
             "150",
             "c-4.png");
With that done, running docker compose up and hitting port 80 shows a sign of success.
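A hardened variant of the Compose file above, as an added example rather than the author's own configuration: passwords come from files instead of literals, the database port is not published to the host, and the official image's MARIADB_DATABASE and MARIADB_USER variables create ecomuser with privileges on ecomdb only. It assumes the first init script (CREATE USER and GRANT ALL ON *.*) is removed, the second uses CREATE DATABASE IF NOT EXISTS, and the secret files and .env named in the comments exist; those paths are constructed for this example.

```yaml
---
# Added example, not the author's file. Constructed paths and names:
#   ./secrets/db_root_password.txt, ./secrets/db_password.txt, .env (DB_PASSWORD)
services:
  mariadb:
    image: mariadb
    container_name: mariadb
    restart: unless-stopped
    environment:
      # *_FILE variants make the image's entrypoint read the value from a
      # file, so the passwords are not literals in this file and do not
      # appear in the container's environment configuration.
      - MARIADB_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
      # The image creates this database and user on first start and grants
      # the user privileges on ecomdb only, not on *.*
      - MARIADB_DATABASE=ecomdb
      - MARIADB_USER=ecomuser
      - MARIADB_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_root_password
      - db_password
    volumes:
      # Init scripts are only read, so mount them read-only
      - ./sql/:/docker-entrypoint-initdb.d:ro
    # No "ports:" entry: web reaches mariadb:3306 over the Compose network,
    # so the database is not published on the host's interfaces.
  web:
    image: ariyonaty/ecom-web:v1
    container_name: web
    depends_on:
      - mariadb
    ports:
      - 80:80
    environment:
      - DB_HOST=mariadb
      - DB_USER=ecomuser
      # Taken from an untracked .env file; must match secrets/db_password.txt.
      # Compose refuses to start if the variable is unset or empty.
      - DB_PASSWORD=${DB_PASSWORD:?set DB_PASSWORD in .env}
      - DB_NAME=ecomdb
secrets:
  db_root_password:
    file: ./secrets/db_root_password.txt
  db_password:
    file: ./secrets/db_password.txt
```

The web container still receives its password as an environment variable because the page does not show whether the application can read it from a file.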
Placeholder for improvements
- Run container security scan on each image
- Potentially replace base images (i.e., Chainguard)
- Update Dockerfile according to best practices