Skip to content

Commit 3e4af56

Browse files
GuopingJiaGuopingJia
committed
Update Blog “deploying-super-mario-game-on-kubernetes-in-hpe-greenlake-for-private-cloud-enterprise”
1 parent 5b64934 commit 3e4af56

7 files changed

+292
-51
lines changed

content/blog/deploying-super-mario-game-on-kubernetes-in-hpe-greenlake-for-private-cloud-enterprise.md

Lines changed: 292 additions & 51 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,9 @@ tags:
1414
- Super Mario
1515
- Tetris
1616
---
17-
This blog post shows you the detailed process to deploy Super Mario game to the Kubernetes in HPE GreenLake for Private Cloud Enterprise
17+
<style> li { font-size: 27px; line-height: 33px; max-width: none; } </style>
18+
19+
This blog post shows you the detailed process to deploy Super Mario game to the Kubernetes in HPE GreenLake for Private Cloud Enterprise.
1820

1921
### Prerequisites
2022

@@ -25,65 +27,304 @@ Before starting, make sure you have the following:
2527
* The optional openssl CLI tool, for validating the generated certificates
2628

2729
```shell
28-
$ k get all -n metallb-system
29-
NAME READY STATUS RESTARTS AGE
30-
pod/controller-57b4fdc957-dr4h4 1/1 Running 0 18d
31-
pod/speaker-9kx9h 1/1 Running 0 18d
32-
pod/speaker-d6sdh 1/1 Running 0 18d
33-
pod/speaker-gxbbx 1/1 Running 0 18d
34-
pod/speaker-hflbj 1/1 Running 0 18d
35-
pod/speaker-wfw9n 1/1 Running 0 18d
36-
37-
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
38-
service/webhook-service ClusterIP 10.107.242.167 <none> 443/TCP 18d
39-
40-
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
41-
daemonset.apps/speaker 5 5 5 5 5 kubernetes.io/os=linux 18d
42-
43-
NAME READY UP-TO-DATE AVAILABLE AGE
44-
deployment.apps/controller 1/1 1 1 18d
45-
46-
NAME DESIRED CURRENT READY AGE
30+
$ k get all -n metallb-system
31+
NAME READY STATUS RESTARTS AGE
32+
pod/controller-57b4fdc957-dr4h4 1/1 Running 0 18d
33+
pod/speaker-9kx9h 1/1 Running 0 18d
34+
pod/speaker-d6sdh 1/1 Running 0 18d
35+
pod/speaker-gxbbx 1/1 Running 0 18d
36+
pod/speaker-hflbj 1/1 Running 0 18d
37+
pod/speaker-wfw9n 1/1 Running 0 18d
38+
39+
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
40+
service/webhook-service ClusterIP 10.107.242.167 <none> 443/TCP 18d
41+
42+
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
43+
daemonset.apps/speaker 5 5 5 5 5 kubernetes.io/os=linux 18d
44+
45+
NAME READY UP-TO-DATE AVAILABLE AGE
46+
deployment.apps/controller 1/1 1 1 18d
47+
48+
NAME DESIRED CURRENT READY AGE
4749
replicaset.apps/controller-57b4fdc957 1 1 1 18d
4850
```
4951

52+
```shell
53+
$ k get all -n ingress-nginx
54+
NAME READY STATUS RESTARTS AGE
55+
pod/ingress-nginx-controller-5957546d75-zjwjh 1/1 Running 0 15d
5056

57+
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
58+
service/ingress-nginx-controller LoadBalancer 10.98.254.246 10.6.115.251 80:30209/TCP,443:30833/TCP 15d
59+
service/ingress-nginx-controller-admission ClusterIP 10.109.187.223 <none> 443/TCP 15d
5160

52-
```shell
53-
$ k get all -n ingress-nginx
54-
NAME READY STATUS RESTARTS AGE
55-
pod/ingress-nginx-controller-5957546d75-zjwjh 1/1 Running 0 15d
56-
57-
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
58-
service/ingress-nginx-controller LoadBalancer 10.98.254.246 10.6.115.251 80:30209/TCP,443:30833/TCP 15d
59-
service/ingress-nginx-controller-admission ClusterIP 10.109.187.223 <none> 443/TCP 15d
60-
61-
NAME READY UP-TO-DATE AVAILABLE AGE
62-
deployment.apps/ingress-nginx-controller 1/1 1 1 15d
63-
64-
NAME DESIRED CURRENT READY AGE
61+
NAME READY UP-TO-DATE AVAILABLE AGE
62+
deployment.apps/ingress-nginx-controller 1/1 1 1 15d
63+
64+
NAME DESIRED CURRENT READY AGE
6565
replicaset.apps/ingress-nginx-controller-5957546d75 1 1 1 15d
6666
```
6767

6868
```shell
69-
$ k get all -n cert-manager
70-
NAME READY STATUS RESTARTS AGE
71-
pod/cert-manager-6bcdd5f7c-f7lfw 1/1 Running 0 18d
72-
pod/cert-manager-cainjector-5d4577b4d9-jmpsp 1/1 Running 0 18d
73-
pod/cert-manager-webhook-bf957dc77-s9r2g 1/1 Running 0 18d
74-
75-
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
76-
service/cert-manager ClusterIP 10.109.28.203 <none> 9402/TCP 18d
77-
service/cert-manager-webhook ClusterIP 10.100.82.119 <none> 443/TCP 18d
78-
79-
NAME READY UP-TO-DATE AVAILABLE AGE
80-
deployment.apps/cert-manager 1/1 1 1 18d
81-
deployment.apps/cert-manager-cainjector 1/1 1 1 18d
82-
deployment.apps/cert-manager-webhook 1/1 1 1 18d
83-
84-
NAME DESIRED CURRENT READY AGE
85-
replicaset.apps/cert-manager-6bcdd5f7c 1 1 1 18d
86-
replicaset.apps/cert-manager-cainjector-5d4577b4d9 1 1 1 18d
69+
$ k get all -n cert-manager
70+
NAME READY STATUS RESTARTS AGE
71+
pod/cert-manager-6bcdd5f7c-f7lfw 1/1 Running 0 18d
72+
pod/cert-manager-cainjector-5d4577b4d9-jmpsp 1/1 Running 0 18d
73+
pod/cert-manager-webhook-bf957dc77-s9r2g 1/1 Running 0 18d
74+
75+
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
76+
service/cert-manager ClusterIP 10.109.28.203 <none> 9402/TCP 18d
77+
service/cert-manager-webhook ClusterIP 10.100.82.119 <none> 443/TCP 18d
78+
79+
NAME READY UP-TO-DATE AVAILABLE AGE
80+
deployment.apps/cert-manager 1/1 1 1 18d
81+
deployment.apps/cert-manager-cainjector 1/1 1 1 18d
82+
deployment.apps/cert-manager-webhook 1/1 1 1 18d
83+
84+
NAME DESIRED CURRENT READY AGE
85+
replicaset.apps/cert-manager-6bcdd5f7c 1 1 1 18d
86+
replicaset.apps/cert-manager-cainjector-5d4577b4d9 1 1 1 18d
8787
replicaset.apps/cert-manager-webhook-bf957dc77 1 1 1 18d
8888
```
8989

90+
```shell
91+
$ cat issuer-selfsigned.yaml
92+
apiVersion: cert-manager.io/v1
93+
kind: Issuer
94+
metadata:
95+
name: cfe-selfsigned-issuer
96+
spec:
97+
selfSigned: {}
98+
99+
$ k apply -f issuer-selfsigned.yaml -n cfe-games
100+
issuer.cert-manager.io/cfe-selfsigned-issuer created
101+
102+
$ k get issuer -n cfe-games
103+
NAME READY AGE
104+
cfe-selfsigned-issuer True 10s
105+
```
106+
107+
```shell
108+
$ cat certificate-game.yaml
109+
apiVersion: cert-manager.io/v1
110+
kind: Certificate
111+
metadata:
112+
name: cfe-selfsigned-tls
113+
spec:
114+
# name of the tls secret to store
115+
# the automatically generated certificate/key pair
116+
secretName: cfe-tls-key-pair
117+
isCA: true
118+
issuerRef:
119+
name: cfe-selfsigned-issuer
120+
kind: Issuer
121+
commonName: "example.com"
122+
dnsNames:
123+
# one or more fully-qualified domain name
124+
# can be defined here
125+
- super-mario.example.com
126+
- tetris.example.com
127+
- example.com
128+
129+
$ k apply -f certificate-game.yaml -n cfe-games
130+
certificate.cert-manager.io/cfe-selfsigned-tls created
131+
132+
$ k get certificate -n cfe-games
133+
NAME READY SECRET AGE
134+
cfe-selfsigned-tls True cfe-tls-key-pair 8s
135+
136+
$ k get secrets -n cfe-games cfe-tls-key-pair
137+
NAME TYPE DATA AGE
138+
cfe-tls-key-pair kubernetes.io/tls 3 35s
139+
```
140+
141+
```shell
142+
$ openssl x509 -in <(kubectl get secret -n cfe-games cfe-tls-key-pair -o jsonpath='{.data.tls\.crt}' | base64 -d) -text -noout
143+
Certificate:
144+
Data:
145+
Version: 3 (0x2)
146+
Serial Number:
147+
2d:0e:ee:67:d2:e0:e2:e6:bc:f2:9a:da:2b:78:66:86
148+
Signature Algorithm: sha256WithRSAEncryption
149+
Issuer: CN = example.com
150+
Validity
151+
Not Before: Feb 21 17:33:40 2024 GMT
152+
Not After : May 21 17:33:40 2024 GMT
153+
Subject: CN = example.com
154+
Subject Public Key Info:
155+
Public Key Algorithm: rsaEncryption
156+
RSA Public-Key: (2048 bit)
157+
Modulus:
158+
00:d7:88:2a:e6:67:20:62:e4:25:f8:cd:63:b7:75:
159+
bf:ac:d4:5a:8a:32:1c:06:29:17:96:cb:6b:36:97:
160+
7f:9b:1d:f2:d6:f2:a4:f1:63:32:9b:7f:42:a1:31:
161+
40:b6:02:ec:0b:37:a6:60:fb:11:72:28:96:91:90:
162+
55:26:c5:58:3c:dd:a0:4b:a2:ab:33:19:29:88:24:
163+
da:73:81:af:99:9b:df:7f:26:14:36:1b:56:93:24:
164+
e9:91:d0:89:e1:62:d0:45:22:64:0b:c4:1d:96:71:
165+
ab:ee:61:94:00:f6:60:71:10:10:fc:3e:d1:6b:b6:
166+
5b:0b:bf:18:0c:86:90:b0:f9:eb:78:8c:dc:90:4e:
167+
ef:87:1f:ac:22:56:2b:92:23:ae:fe:bb:48:1e:13:
168+
40:03:b7:54:02:44:8f:ae:c6:61:bf:d4:e9:f7:17:
169+
72:a8:98:72:b7:a6:e0:16:29:8d:ca:4a:1e:08:89:
170+
78:f7:88:b7:ac:d2:b8:8d:89:88:c3:c7:04:f4:ff:
171+
00:64:37:6f:3f:5a:43:2c:ce:e4:69:b2:a8:44:fe:
172+
77:41:ec:97:b8:7b:82:49:b0:65:8e:fc:1f:1c:2b:
173+
37:ea:46:9d:e4:5c:a0:56:9f:d8:3b:78:83:28:b5:
174+
ac:a9:61:ce:25:c7:54:c8:a3:96:f6:a8:48:f4:57:
175+
56:3b
176+
Exponent: 65537 (0x10001)
177+
X509v3 extensions:
178+
X509v3 Key Usage: critical
179+
Digital Signature, Key Encipherment, Certificate Sign
180+
X509v3 Basic Constraints: critical
181+
CA:TRUE
182+
X509v3 Subject Key Identifier:
183+
3F:DD:BB:BB:DB:23:47:E1:EC:39:1E:BE:03:AC:D4:7E:2A:E2:A6:FA
184+
X509v3 Subject Alternative Name:
185+
DNS:super-mario.example.com, DNS:tetris.example.com, DNS:example.com
186+
Signature Algorithm: sha256WithRSAEncryption
187+
78:46:61:2d:b8:27:fe:18:59:b2:57:ef:88:2b:2f:20:9f:a5:
188+
4a:28:33:64:46:78:e3:c4:7f:40:4a:38:ad:ca:0a:2e:7d:31:
189+
7f:70:81:e1:50:b6:4e:a5:02:31:bf:26:44:89:b2:1f:5c:3d:
190+
63:b8:62:bf:9c:b3:f0:96:76:bb:b0:3e:47:0e:bc:5e:fa:9c:
191+
9c:98:36:1d:2f:72:3d:b9:11:30:94:b0:2e:2f:a3:57:18:07:
192+
5d:bf:aa:0d:c6:36:20:2a:8f:a6:11:7c:e4:2f:03:07:2e:c4:
193+
cd:33:07:3f:c2:54:30:e0:bf:d1:8e:20:0a:bc:a3:90:39:46:
194+
d4:ed:03:c2:71:a1:43:b4:a6:c0:73:13:14:ea:a4:52:39:8f:
195+
72:59:00:1a:5f:1c:6e:1e:b7:4d:b5:9e:43:cd:e7:89:5a:07:
196+
ad:ce:41:f4:5a:cd:73:ee:bc:f4:01:73:92:9d:c4:a6:f1:8d:
197+
eb:43:af:65:78:8d:f0:e6:c3:df:bc:44:ca:19:c5:da:3f:a2:
198+
4d:89:fa:8e:63:33:3d:4d:8d:b3:98:3b:d9:12:c0:d9:3a:82:
199+
07:bc:81:fb:5d:c9:e5:38:3c:ec:d3:3e:e9:bc:e4:13:84:07:
200+
f3:c7:85:8a:46:ba:69:13:c7:a8:14:42:4b:ee:f9:2a:b4:3b:
201+
d9:8f:9c:50
202+
```
203+
204+
```shell
205+
$ tree k8s-games/
206+
k8s-games/
207+
├── README.md
208+
├── super-mario
209+
│   ├── deployment.yaml
210+
│   └── service.yaml
211+
└── tetris
212+
├── deployment.yaml
213+
└── service.yaml
214+
```
215+
216+
```shell
217+
$ k apply -f super-mario/ -n cfe-games
218+
deployment.apps/mario-deployment created
219+
service/mario-service created
220+
221+
$ k apply -f tetris/ -n cfe-games
222+
deployment.apps/tetris-deployment created
223+
service/tetris-service created
224+
225+
226+
$ k get all -n cfe-games
227+
NAME READY STATUS RESTARTS AGE
228+
pod/mario-deployment-96f79d8f-dw9hh 1/1 Running 0 19s
229+
pod/mario-deployment-96f79d8f-wsf7s 1/1 Running 0 13s
230+
pod/tetris-deployment-86d744fb47-7kmwl 1/1 Running 0 7s
231+
pod/tetris-deployment-86d744fb47-hqmgd 1/1 Running 0 10s
232+
233+
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
234+
service/mario-service ClusterIP 10.104.144.88 <none> 80/TCP 22s
235+
service/tetris-service ClusterIP 10.111.218.14 <none> 80/TCP 10s
236+
237+
NAME READY UP-TO-DATE AVAILABLE AGE
238+
deployment.apps/mario-deployment 2/2 2 2 24s
239+
deployment.apps/tetris-deployment 2/2 2 2 12s
240+
241+
NAME DESIRED CURRENT READY AGE
242+
replicaset.apps/mario-deployment-96f79d8f 2 2 2 24s
243+
replicaset.apps/tetris-deployment-86d744fb47 2 2 2 12s
244+
```
245+
246+
```shell
247+
$ cat ingress-host-based-selfsigned-games.yaml
248+
apiVersion: networking.k8s.io/v1
249+
kind: Ingress
250+
metadata:
251+
name: ingress-host-based-selfsigned
252+
annotations:
253+
ingress.kubernetes.io/ssl-redirect: "true"
254+
#kubernetes.io/ingress.class: "nginx"
255+
cert-manager.io/issuer: "cfe-selfsinged-issuer"
256+
spec:
257+
ingressClassName: nginx
258+
tls:
259+
- hosts:
260+
- example.com
261+
secretName: cfe-tls-key-pair
262+
rules:
263+
- host: super-mario.example.com
264+
http:
265+
paths:
266+
- path: /
267+
pathType: Prefix
268+
backend:
269+
service:
270+
name: mario-service
271+
port:
272+
number: 80
273+
- host: tetris.example.com
274+
http:
275+
paths:
276+
- path: /
277+
pathType: Prefix
278+
backend:
279+
service:
280+
name: tetris-service
281+
port:
282+
number: 80
283+
```
284+
285+
```shell
286+
$ k describe ingress ingress-host-based-selfsigned -n cfe-games
287+
Name: ingress-host-based-selfsigned
288+
Labels: <none>
289+
Namespace: cfe-games
290+
Address:
291+
Ingress Class: nginx
292+
Default backend: <default>
293+
TLS:
294+
cfe-tls-key-pair terminates example.com
295+
Rules:
296+
Host Path Backends
297+
---- ---- --------
298+
super-mario.example.com
299+
/ mario-service:80 (10.192.4.21:80,10.192.4.22:80)
300+
tetris.example.com
301+
/ tetris-service:80 (10.192.3.231:3000,10.192.4.27:3000)
302+
Annotations: cert-manager.io/issuer: cfe-selfsinged-issuer
303+
ingress.kubernetes.io/ssl-redirect: true
304+
Events:
305+
Type Reason Age From Message
306+
---- ------ ---- ---- -------
307+
Normal Sync 30s nginx-ingress-controller Scheduled for sync
308+
Normal CreateCertificate 30s cert-manager-ingress-shim Successfully created Certificate "cfe-tls-key-pair"
309+
```
310+
311+
```shell
312+
$ host super-mario.example.com
313+
super-mario.example.com has address 10.6.115.251
314+
315+
316+
$ host tetris.example.com
317+
tetris.example.com has address 10.6.115.251
318+
```
319+
320+
![](/img/mario-private.png)
321+
322+
![](/img/mario-certificate.png)
323+
324+
![](/img/super-mario.png)
325+
326+
![](/img/tetris-private.png)
327+
328+
![](/img/tetris-start.png)
329+
330+
![](/img/tetris.png)

static/img/mario-certificate.png

61.7 KB
Loading

static/img/mario-private.png

56.4 KB
Loading

static/img/super-mario.png

123 KB
Loading

static/img/tetris-private.png

57.2 KB
Loading

static/img/tetris-start.png

24.6 KB
Loading

static/img/tetris.png

91.9 KB
Loading

0 commit comments

Comments
 (0)