Explore Kubernetes
Oracle Backend for Microservices and AI includes a number of platform services which are deployed into the Oracle Container Engine for Kubernetes cluster. You configured kubectl to access your cluster in an earlier module. In this task, you will explore the services deployed in the Kubernetes cluster. A detailed explanation of Kubernetes concepts is beyond the scope of this course.
Explore namespaces
Kubernetes resources are grouped into namespaces. To see a list of the namespaces in your cluster, use this command (your output will be slightly different):
$ kubectl get ns
NAME                              STATUS   AGE
admin-server                      Active   4h56m
apisix                            Active   4h56m
application                       Active   4h57m
azn-server                        Active   4h56m
cert-manager                      Active   4h59m
coherence                         Active   4h56m
conductor-server                  Active   4h56m
config-server                     Active   4h55m
default                           Active   5h8m
eureka                            Active   4h57m
grafana                           Active   4h55m
ingress-nginx                     Active   4h57m
kafka                             Active   4h56m
kaniko                            Active   5h1m
kube-node-lease                   Active   5h8m
kube-public                       Active   5h8m
kube-state-metrics                Active   4h57m
kube-system                       Active   5h8m
metrics-server                    Active   4h57m
obaas-admin                       Active   4h55m
observability                     Active   4h55m
open-telemetry                    Active   4h55m
oracle-database-exporter          Active   4h55m
oracle-database-operator-system   Active   4h59m
otmm                              Active   4h55m
prometheus                        Active   4h57m
vault                             Active   4h54m
Here is a summary of what is in each of these namespaces:
admin-server contains Spring Admin, which can be used to monitor and manage your services
apisix contains the APISIX API Gateway and Dashboard, which can be used to expose services outside the cluster
application is a pre-created namespace with the Oracle Database wallet and secrets pre-configured to allow services deployed there to access the Oracle Autonomous Database instance
cert-manager contains Cert Manager, which is used to manage X.509 certificates for services
cloudbank is the namespace where you deployed the CloudBank sample application
conductor-server contains Netflix Conductor OSS, which can be used to manage workflows
config-server contains the Spring Cloud Config Server
eureka contains the Spring Eureka Service Registry, which is used for service discovery
grafana contains Grafana, which can be used to monitor and manage your environment
ingress-nginx contains the NGINX ingress controller, which is used to manage external access to the cluster
kafka contains a three-node Kafka cluster that can be used by your application
obaas-admin contains the Oracle Backend for Microservices and AI administration server that manages deployment of your services
observability contains Jaeger tracing, which is used for viewing distributed traces
open-telemetry contains the Open Telemetry Collector, which is used to collect distributed tracing information for your services
oracle-database-operator-system contains the Oracle Database Operator for Kubernetes, which can be used to manage Oracle Databases in Kubernetes environments
otmm contains Oracle Transaction Manager for Microservices, which is used to manage transactions across services
prometheus contains Prometheus, which collects metrics about your services and makes them available to Grafana for alerting and dashboards
vault contains HashiCorp Vault, which can be used to store secret or sensitive information for services, such as credentials
Kubernetes namespaces contain other resources like pods, services, secrets and config maps. You will explore some of these now.
Explore pods
Kubernetes runs workloads in “pods.” Each pod can contain one or more containers. There are different kinds of groupings of pods that handle scaling in different ways. Use this command to review the pods in the apisix namespace:
$ kubectl -n apisix get pods
NAME                                READY   STATUS    RESTARTS        AGE
apisix-558f6f64c6-ff6xf             1/1     Running   0               4h57m
apisix-dashboard-6f865fcb7b-n76c7   1/1     Running   4 (4h56m ago)   4h57m
apisix-etcd-0                       1/1     Running   0               4h57m
apisix-etcd-1                       1/1     Running   0               4h57m
apisix-etcd-2                       1/1     Running   0               4h57m
The first pod listed is the APISIX API Gateway itself. It is part of a Kubernetes “deployment”. The next pod is running the APISIX Dashboard user interface - there is only one instance of that pod running. And the last three pods are running the etcd cluster that APISIX is using to store its state. These three pods are part of a “stateful set”.
To see details of the deployments and stateful set in this namespace use this command:
$ kubectl -n apisix get deploy,statefulset
NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/apisix             3/3     3            3           6d18h
deployment.apps/apisix-dashboard   1/1     1            1           6d18h

NAME                           READY   AGE
statefulset.apps/apisix-etcd   3/3     6d18h
If you want to view extended information about any object you can specify its name and the output format, as in this example:
$ kubectl -n apisix get pod apisix-etcd-0 -o yaml
Explore services
Kubernetes services are essentially small load balancers that sit in front of groups of pods and provide a stable network address as well as load balancing. To see the services in the apisix namespace use this command:
$ kubectl -n apisix get svc
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
apisix-admin                ClusterIP   10.96.26.213   <none>        9180/TCP            4h59m
apisix-dashboard            ClusterIP   10.96.123.62   <none>        80/TCP              4h59m
apisix-etcd                 ClusterIP   10.96.54.248   <none>        2379/TCP,2380/TCP   4h59m
apisix-etcd-headless        ClusterIP   None           <none>        2379/TCP,2380/TCP   4h59m
apisix-gateway              NodePort    10.96.134.86   <none>        80:32130/TCP        4h59m
apisix-prometheus-metrics   ClusterIP   10.96.31.169   <none>        9091/TCP            4h59m
Notice that the services give information about the ports. You can get detailed information about a service by specifying its name and output format as you did earlier for a pod.
Explore secrets
Sensitive information in Kubernetes is often kept in secrets that are mounted into the pods at runtime. This means that the container images do not need to have the sensitive information stored in them. It also helps with deploying to different environments where sensitive information like URLs and credentials for databases changes based on the environment.
Oracle Backend for Microservices and AI creates a number of secrets for you so that your applications can securely access the Oracle Autonomous Database instance. Review the secrets in the pre-created application namespace using this command. Note that the names of the secrets will be different in your environment depending on the application name you gave when deploying the application.
$ kubectl -n application get secret
NAME                        TYPE                             DATA   AGE
account-db-secrets          Opaque                           4      57m
admin-liquibasedb-secrets   Opaque                           5      56m
checks-db-secrets           Opaque                           4      57m
customer-db-secrets         Opaque                           4      56m
encryption-secret-key       Opaque                           1      5h1m
public-key                  Opaque                           1      5h1m
registry-auth               kubernetes.io/dockerconfigjson   1      5h
registry-login              Opaque                           5      5h
registry-pull-auth          kubernetes.io/dockerconfigjson   1      5h
registry-push-auth          kubernetes.io/dockerconfigjson   1      5h
testrunner-db-secrets       Opaque                           4      56m
tls-certificate             kubernetes.io/tls                5      5h
zimbadb-db-secrets          Opaque                           5      5h
zimbadb-tns-admin           Opaque                           9      5h
Whenever you create a new application namespace with the CLI and bind it to the database, these secrets will be automatically created for you in that namespace. There will be two secrets created for the database: one contains the credentials to access the Oracle Autonomous Database, and the other contains the database client configuration files (tnsadmin.ora, sqlnet.ora, the keystores, and so on). The name of the secret depends on the application name you gave (or that was autogenerated) during install; in the example above the application name is zimba.
You can view detailed information about a secret with a command like this. You will need to provide the name of your secret, which will be based on the name you chose during installation (your output will be different). Note that the values are uuencoded in this output:
$ kubectl -n application get secret zimbadb-db-secrets -o yaml
apiVersion: v1
data:
  db.name: xxxxxxxxxx
  db.password: xxxxxxxxxx
  db.service: xxxxxxxxxx
  db.username: xxxxxxxxxx
  secret: xxxxxxxxxx
kind: Secret
metadata:
  creationTimestamp: "2024-05-08T16:38:06Z"
  labels:
    app.kubernetes.io/version: 1.2.0
  name: zimbadb-db-secrets
  namespace: application
  resourceVersion: "3486"
  uid: 66855e8d-22a5-4e24-b3df-379dd033ed1f
type: Opaque
When you deploy a Spring Boot microservice application into Oracle Backend for Microservices and AI, the pods that are created will have the values from this secret injected as environment variables that are referenced from the application.yaml to connect to the database. The xxxxxx-tns-admin secret will be mounted in the pod to provide access to the configuration and keystores to allow your application to authenticate to the database.
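Kubernetes stores each value under data in a Secret as base64 text, which is an encoding and not encryption, so anyone allowed to read the Secret can recover the database credentials from the -o yaml output. The following is an added example, not part of the original course or of Oracle's tooling: three small shell helpers that list only the key names, decode a single value, and redact a manifest before it is shared. The helper names and the sample manifest values are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. The manifest is constructed in the shape of the output above;
# its values are made up ("zimbadb", "example-only", "ACCOUNT").
sample_secret() {
cat <<'EOF'
apiVersion: v1
data:
  db.name: emltYmFkYg==
  db.password: ZXhhbXBsZS1vbmx5
  db.username: QUNDT1VOVA==
kind: Secret
metadata:
  name: zimbadb-db-secrets
  namespace: application
type: Opaque
EOF
}

# List only the key names under data: (safe to paste into a ticket or chat).
secret_keys() {
  awk '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && NF {sub(/:$/, "", $1); print $1}'
}

# Decode one value by key; shows that read access to the Secret is read
# access to the credential itself.
secret_value() {
  awk -v k="$1:" '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && $1 == k {print $2}' |
    base64 -d
}

# Print the manifest with every data value replaced, as the page does with x's.
redact_secret() {
  awk '/^data:/ {d=1; print; next} /^[^ ]/ {d=0}
       d && NF {print "  " $1 " <redacted>"; next} {print}'
}

# Against a cluster the input would come from:
#   kubectl -n application get secret zimbadb-db-secrets -o yaml | secret_keys
# and read access for an identity can be checked with:
#   kubectl -n application auth can-i get secrets --as <user-or-serviceaccount>
sample_secret | secret_keys
sample_secret | redact_secret
```

Because decoding is this simple, the control that protects these credentials is RBAC on get and list for secrets in the namespace, not the encoding.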