Let's see how we can deploy the app on OKE and test it. The app native executable is in the runtime container image published to a private OCIR repo by the DevOps Build Pipeline in the previous section.
-
If you haven't already, go to the
OCI Console >> Developer Services >> Kubernetes Clusters (OKE) >> Create Cluster >> Quick Createto create a single node OKE Cluster in your compartment. -
From the OKE cluster details page, go to
Quick Start >> Access Your Cluster, download the kubeconfig file and set up your local environment. -
As our runtime image is in a private OCIR repo, we will need a Kubernetes secret for OKE to pull the image from OCIR. Note that OCIR stands for OCI Registry which is different from OCR (Oracle Container Registry).
-
Before creating a Kubernetes secret, we should store our auth token as a secret in the OCI Vault created in the previous section.
-
Before running the command to create a Kubernetes secret, set the following environment variables. Replace the
<placeholder-value>with your values.export k8s_secret_name='ocircreds' export k8s_secret_namespace='default' #### Replace the '<placeholder-value>' with your values: export region_registry='<region-code>.ocir.io' ## e.g., 'phx.ocir.io' export tenancy_namespace='<tenancy-namespace>' ## e.g., 'ansh81vru1zp' export oci_username='<OCI-user-name>' ## e.g., '[email protected]' export email_address='<email-address>' ## e.g., '[email protected]' #### Use your auth token secret OCID from your Vault: export vault_secret_ocid='ocid1.vaultsecret.oc1.phx.ama...ilq'
-
Run this command to create a Kubernetes secret. This command uses the environment variables set above.
#### Create the Kubernetes secret: kubectl create secret docker-registry ${k8s_secret_name} \ -n ${k8s_secret_namespace} \ --docker-server=${region_registry} \ --docker-username=${tenancy_namespace}/${oci_username} \ --docker-email=${email_address} \ --docker-password=`oci secrets secret-bundle get --raw-output --secret-id ${vault_secret_ocid} --query "data.\"secret-bundle-content\".content" | base64 -d`
The output is similar to:
secret/ocircreds createdThe k8s_secret_name
ocircredsshould match the value ofspec.template.spec.imagePullSecrets.name:in the oke_manifest_native_exec_ee.yaml. -
Update the value of the
spec.template.spec.containers.image:in the oke_manifest_native_exec_ee.yaml to use the latest image and tag published to the OCIR repo by the DevOps Build Pipeline in the previous section. -
Deploy the selected image from the OCIR repo using the following command:
kubectl apply -f ./oke-manifests/oke_manifest_native_exec_ee.yaml
The output is similar to:
deployment.apps/jibber-ni-gvmee22-jdk17-deploy created service/jibber-ni-gvmee22-jdk17-service createdThis will deploy the selected image and start the container in your OKE cluster. It will provision an OCI Load Balancer, and expose the app using the external (public) IP address of the load balancer.
-
Check the status of the deployment.
kubectl get deployments -o wide
-
Check the status of the pod.
kubectl get pods -o wide
-
Get the load balancer's external (public) IP address by running this command:
kubectl get svc -o wide
-
To test the app running on OKE, go to
http://<EXTERNAL-IP>/jibberin a browser and you should see a nonsense verse. -
To check the pod logs, run this command:
kubectl logs -l app=jibber-ni-gvmee22-jdk17
-
To delete the OCI Load Balancer and the app-related resources (deployment, pod, service) from the OKE cluster:
kubectl delete -f ./oke-manifests/oke_manifest_native_exec_ee.yaml
The output is similar to:
deployment.apps "jibber-ni-gvmee22-jdk17-deploy" deleted service "jibber-ni-gvmee22-jdk17-service" deleted