{"id":17911773,"url":"https://github.com/comradeprogrammer/vu-softwarecontainerization","last_synced_at":"2025-08-19T00:08:08.664Z","repository":{"id":217366236,"uuid":"743159898","full_name":"ComradeProgrammer/Vu-SoftwareContainerization","owner":"ComradeProgrammer","description":"coderen voor het lab van de cursus \"Software Containerization\"","archived":false,"fork":false,"pushed_at":"2024-02-05T11:14:21.000Z","size":233,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-03T06:48:09.314Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ComradeProgrammer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-14T14:14:36.000Z","updated_at":"2024-01-16T01:16:53.000Z","dependencies_parsed_at":"2024-01-16T01:24:35.265Z","dependency_job_id":"74a716a6-8d57-40b6-9d59-228fb3a19743","html_url":"https://github.com/ComradeProgrammer/Vu-SoftwareContainerization","commit_stats":null,"previous_names":["comradeprogrammer/vu-softwarecontainerization"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ComradeProgrammer/Vu-SoftwareContainerization","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComradeProgrammer%2FVu-SoftwareContainerization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComradeProgrammer%2FVu-SoftwareContainerization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComradeProgrammer%2FVu-SoftwareContainerization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComradeProgrammer%2FVu-SoftwareContainerization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ComradeProgrammer","download_url":"https://codeload.github.com/ComradeProgrammer/Vu-SoftwareContainerization/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComradeProgrammer%2FVu-SoftwareContainerization/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271078587,"owners_count":24695473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-18T02:00:08.743Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-28T19:40:18.734Z","updated_at":"2025-08-19T00:08:08.615Z","avatar_url":"https://github.com/ComradeProgrammer.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vu-SoftwareContainerization\n## 1.Illustration of the project structure\nT.B.D\n\n## 2.Procedures to deploy this project\n*NB: Unless specified, all the commands are executed in the main folder*\n### 2.1 Prerequisites\n#### Build the images\nBuild frontend image: in frontend folder, execute\n```\ndocker buildx build --platform linux/amd64,linux/arm64 -t tjm1999/xm0091-frontend:0.1 . --push\n```\n\nBuild backend image: in backend folder, execute\n```\ndocker buildx build --platform linux/amd64,linux/arm64 -t tjm1999/xm0091-backend:0.1 . --push\n```\n\n### 2.2 Deployment \n### Step 1. Start a k8s cluster in minikube\n```shell\nminikube start\n```\n### Step 2. Mount a volume and Deploy a Mysql Database\nThis project requires an existing database. In reality, it is normal to have one centralized database seperated from the cloud services.\n\n#### Step 2.1 Create a persistent volume\n```shell\nkubectl apply -f cluster-configuration/persistent_volume.yaml\n```\n#### Step 2.2 Create a mysql database\n- cluster-configuration/mysql/config_map.yaml is the ConfigMap resource which specified the mysqld configuration file, and will be mounted to the container.\n- cluster-configuration/mysql/pvc.yaml is a PersistentVolumeClain resource which apply a persistent volume for the database.\n- cluster-configuration/mysql/secret.yaml contains the mysql account and password. The default username is `root`, and the password is `123456`. \n- mysql.yaml contains the Deployment and Service.\n\n```shell\n kubectl apply -f cluster-configuration/mysql/config_map.yaml \\\n    -f cluster-configuration/mysql/secret.yaml \\\n    -f  cluster-configuration/mysql/pvc.yaml  \\\n    -f cluster-configuration/mysql/mysql.yaml \\\n```\n\nAfter that, connect to this DB and create a database called 'vegan'.\n\n```\nkubectl get pods\n```\nGet the name of mysql pod.\n```\nkubectl exec -it \u003cmysql-pod-name\u003e -- /bin/bash\n\n```\nEnter mysql pod\n\n\n```\nmysql -u root -p\n```\nEnter the password\n\n\n```\nCREATE DATABASE vegan;\n```\nExecute this command to build a database named vegan\n\n```\nexit;\n```\nExit MySQL client\n\n```\nexit\n```\nExit the pod\n\n\n### Step3 Create users for the k8s cluster\n\nFirst, we are going to create a user called 'viewer' as an example illustrating what command we used in this assignment. In the helm charts, this user will be mounted with the role \"viewer\".\n\n*All the commands in this step should be executed in the cluster-configuration/auth*\n\n\n```\nopenssl genrsa -out myuser.key 2048\nopenssl req -new -key viewer.key -out viewer.csr -subj \"/CN=viewer\"\ncat viewer.csr | base64 | tr -d \"\\n\"\n```\nThen put the base64 encoded csr into the spec.request field of the viewer_csr.yaml\n```\nkubectl apply -f viewer_csr.yaml  \n```\n\nThen sign the request in the k8s cluster and export the certificate.\n```\nkubectl  certificate approve viewer \nkubectl get csr viewer -o jsonpath='{.status.certificate}'| base64 -d \u003e viewer.crt                              \n```\n\nFinally create the context for this user in KUBECONFIG\n```\n kubectl config set-credentials viewer --client-key=viewer.key --client-certificate=viewer.crt --embed-certs=true\n\n kubectl config set-context viewer --cluster=minikube --user=viewer # set the cluster name accordingly\n\n```\n\n### Step4: Generate certificates signed by a self-made certificate authority\nAll the procedures in this step happens in cert/ folder\n#### Step4.1 generate a self-made ca\n```\nopenssl genrsa -out ca.key 2048\nopenssl req -new -key ca.key -out ca.csr\necho \"subjectAltName=DNS:vegan.test,IP:127.0.0.1\" \u003e cert_extensions\nopenssl x509 -req -days 36500 -in ca.csr -signkey ca.key -extfile cert_extensions -out ca.crt\n```\n\n### Step4.2 Use OpenSSL to generate a self-made certificate \n```\nopenssl genrsa  -out server.key 2048 \nopenssl req -new -key server.key -out server.csr\nopenssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial \\\n    -sha256 -days 3650 -extfile cert_extensions -in server.csr -out server.crt\n```\n\nNow we can see the server's key: server.key and the certificate: server.csr.\nThey will be encoded into base64 format and stored in the secret, which will be mounted on the ingress.\n### Step4.3 Start the ingress controller\ninstall the nginx ingress addons\n```\nminikube addons enable ingress \n```\n\nWhen we want to visit this ingress later, we need tocreate the tunnel to expose the ingress's endpoint\n```\nminikube tunnel \n```\n\n### Step 5: Use Helm to install\nThe helm chart is in helm/vegan.\n- Execute `helm install vegan helm/vegan` to directly install it\n- Execute `helm uninstall vegan` to directly uninstall it\n- Modify values in values.yaml and then execute `helm upgrade vegan helm/vegan` to upgrade is. (You may want to set autoscaling.enabled=true in values.yaml)\n- Execute `helm template vegan ./helm/vegan  --debug   \u003e test.yaml` to see the k8s config rendered by helm\n\n## 3. Security\n### 3.1 Network policies\nPlease check helm/vegan/templates/network_policy_allowall.yaml, helm/vegan/templates/network_policy_blacklist.yaml, helm/vegan/templates/deny_all.yaml and helm/vegan/templates/white_list.yaml\n\n### 3.2 RBAC\nPlease check helm/vegan/templates/roles.yaml and helm/vegan/templates/rolebinding.yaml.\n\n\n## 4. GCP \nDeploy to GCP is quite similar to local deployment. Connect to Google Cloud Shell terminal and git pull this repository, then execute everything above except commands related to  minikube. \n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcomradeprogrammer%2Fvu-softwarecontainerization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcomradeprogrammer%2Fvu-softwarecontainerization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcomradeprogrammer%2Fvu-softwarecontainerization/lists"}