Skaffold on microk8s kubernettes

Here is how to install configure and use microk8s with skaffold, step by step. Based on the Kubernetes course:

installation:

curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 && sudo install skaffold /usr/local/bin/

create the initial project skaffold configuration:

skaffold init 

create alias to kubectl for skaffold to be able to use it :  

sudo snap alias microk8s.kubectl kubectl

provide microk8s config to skaffold:

microk8s.kubectl config view --raw > $HOME/.kube/config

update the pod configuration to use the image from microk8s:

image: localhost:32000/php-app 

(add localhost:32000...)

enable microk8s registry addon: 

microk8s.enable registry
then test the registry if it works: http://localhost:32000/v2/

run skaffold monitoring by providing repo to the insecure microk8s repo:

skaffold dev --default-repo=localhost:32000
Check if the pod is running:

kubectl get pods

Expose the pod ports to be browsable:

kubectl port-forward pod/skaffold-pod 8080:4000

Optional: In case we need to debug inside the container:   

docker run -ti localhost:32000/php-app:latest /bin/bash

Congratulations and enjoy the course !

Install phpmyadmin in Ubuntu 20.04

Here is how to install phpmyadmin on Ubuntu 20.04
References: Practical Ubuntu Linux Server for beginners

We need fist to have mysql-server installed, where phpmyadmin will store its data. For this reason we will run:
sudo apt install mysql-server

Then some libraries for the functioning of phpmyadmin as well as the phpmyadmin package:
sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl php libapache2-mod-php
Note: if there is a problem in the installation you can Ignore, or Abort the configuration of phpmyadmin.

Let's now go and login inside of MySQL as root:
sudo mysql -u root 

or if you already have password/user then: login with: sudo mysql -u user -p

Next we will adjust the MySQL root password, as well as its method of authentication:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Optional: 

Configure Apache in order to serve phpmyadmin (if not already done by installation of phpmyadmin): inside of etc/apache/conf-available/ we create the following phpmyadmin.conf file:

Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
   AddDefaultCharset UTF-8
   <IfModule mod_authz_core.c>
      <RequireAny>
      Require all granted
     </RequireAny>
   </IfModule>
</Directory>
 
<Directory /usr/share/phpmyadmin/setup/>
   <IfModule mod_authz_core.c>
     <RequireAny>
       Require all granted
     </RequireAny>
   </IfModule>
</Directory>

Lastly, we need to activate the above configuration file with:
a2enconf phpmyadmin.conf
and then restart the apache2 service to reload and accept the changed configuration:
sudo systemctl restart apache2.service

Now is time to open up in the browser to: http://127.0.0.1/phpmyadmin
and use the combination that we already set: root / password

Congratulations and enjoy learning !

NodeJS JSON API + MongoDB + JWT + ES6 forms

Here is how to create a real-life NodeJS API together with a login form.

Resources:

JavaScript for beginners - learn by doing

Learn Node.js, Express and MongoDB + JWT

We will start with the HTML representing the form as well as its JavaScript functionality:

formLogin.html

  <html>

   <body>

    <form id="myform">

     <div>

      <label for="email">Email:</label>

      <input type="text" id="email" name="email" />
 
     </div>
 
     <div>
 
      <label for="password">Password:</label>
 
      <input type="password" id="password" name="password" />
 
     </div>
 
     <div class="button">
 
      <button type="submit" id="loginUser">Send</button>
 
     </div>
 
    </form>

 
    <div id="result"></div>


    <script type="text/javascript">

     async function fetchData(url = '', data = {}, method, headers = {}) {
 
      const response = await fetch(
 
       url, {
 
        method,
 
        headers: { 'Content-Type': 'application/json', ...headers },
 
        ...data && { body: JSON.stringify(data) },
 
       });
 
       return response.json();
 
      }

 
      
      let form = document.querySelector('#myform');
 
       if (form) {
 
        form.addEventListener('submit', (e) => {

         e.preventDefault();

         fetchData(

          '/user/login',

          { email: this.email.value, password: this.password.value },

          'POST'
 
         ).then((result) => {
 
          if (result.token) {
 
           // request the url with token
 
           fetchData('/info', null, 'GET', { Bearer: result.token })
 
           .then((result) => { console.log(result); });
 
           return;
 
          }
 
          document.querySelector('#result').innerHTML = `message: ${result.message}`;
 
         })
 
         .catch(error => console.log('error:', error));
 
        })
 
       }
 
     </script>

   </body>

  </html>
  

our main node server: index.js

import express from "express";

import mongoose from "mongoose";

import dotenv from "dotenv";



// import the routes

import routes from "./routes/routes.js";


// create an express instance

const app = express();


app.use(express.json())


// setup the middleware routes

routes(app);


// config the database credentials

dotenv.config();


// connect to the database

mongoose.connect(
 
 process.env.DB_CONNECT,
 
 { useNewUrlParser: true, useUnifiedTopology: true },
 
 () => console.log("connected to mongoDB")

);


// listen for errors

mongoose.connection.on('error', console.error.bind(console, 'MongoDB connection error:'));


// listen on port 3000

app.listen(3000, () => console.log("server is running"));


 

application routes: routes.js

import { loginUser } from "../controllers/controller.js";

import { info } from "../controllers/info.js"; // the protected route

import { auth } from "../controllers/verifyToken.js"; // middleware for validating the token


import * as path from 'path';

import { fileURLToPath } from 'url';

const __filename = fileURLToPath(import.meta.url); // The absolute URL of the current file.

const __dirname = path.dirname(__filename); // parse just the directory




const routes = app => {
 
 app.route("/user/login").get((req, res) => { res.sendFile('formLogin.html', { root: path.join(__dirname, "../views") }); });
 
 app.route("/user/login").post((req, res) => loginUser(req, res)); // we capture inside req, and res

 
 app.route("/info").get(auth, (req, res) => info(req, res)); // we capture inside req, and res
 
 // and insert the auth middleware to process the token

};

export default routes;

 

our main controller: controller.js

import mongoose from "mongoose";

mongoose.set("useCreateIndex", true);

import { userSchema } from "../models/user.js";

import jwt from "jsonwebtoken";


const User = mongoose.model("users", userSchema); // users is the name of our collection!

export const addNewUser = (req, res) => {
 
 User.init(() => {
 
 // init() resolves when the indexes have finished building successfully.
 
 // in order for unique check to work

 
 
  let newUser = new User(req.body); // just creating w/o saving
 
  newUser.password = newUser.encryptPassword(req.body.password);

 
  newUser.save((err, user) => { // now saving
 
   if (err) {
 
    res.json({ 'message': 'duplicate email' });
 
   }
 
   res.json(user);
 
  });
 
 });

};


 
export const loginUser = (req, res) => {

 
 if (req.body.password == null || req.body.email == null) {
 
  res.status(400).json({ 'message': 'Please provide email / password' });
 
  return;
 
 }

 
 User.init(() => {
 
  User.findOne({ email: req.body.email }, (err, user) => {
 
   if (err) {
 
    res.json(err);
 
    return;
 
   }
 
   if (user == null) {
 
    res.status(400).json({ 'message': 'Non existing user' });
 
    return;
 
   });

 
    
   // here user is the fetched user
 
   const validPassword = user.validatePassword(req.body.password, user.password);

 
   if (!validPassword) {
 
    res.status(400).json({ 'message': 'Not valid password' });
 
    return;
 
   }

 
   // create and send a token to be able to use it in further requests
 
   const token = jwt.sign({ _id: user._id }, process.env.TOKEN_SECRET);
 
   res.header("auth-token", token) // set the token in the header of the response
 
   .json({ 'token': token }); // display the token
 
   });
 
  });

 };

js helper middleware for working with JWT tokens: verifyToken.js

    import jwt from "jsonwebtoken";

    export const auth = (req, res, next) => {
 
     const token = req.header("Bearer"); 
 
     if (!token) return res.status(401).json({'message':'access denied'});
 
     const verified = jwt.verify(token, process.env.TOKEN_SECRET);
 
     if (!verified) res.status(400).message({'message':'Invalid token'});
 
     // continue from the middleware to the next processing middleware :)
 
     next();

     };

 

user database model: user.js

import mongoose from 'mongoose';

import bcrypt from 'bcryptjs';


let userSchema = new mongoose.Schema(
 
 {
 
  email: {
 
   type: String,
 
   requires: "Enter email",
 
   maxlength: 50,
 
   unique: true
 
  },
 
  password: {
 
   type: String,
 
   required: "Enter password",
 
   maxlength: 65
 
  }
 
 },
 
 {
 
  timestamps: true
 
 }

);


userSchema.method({
 
 encryptPassword: (password) => {
 
  return bcrypt.hashSync(password, bcrypt.genSaltSync(5));
 
 },
 
 validatePassword: (pass1, pass2) => {
 
  return bcrypt.compareSync(pass1, pass2);
 
 }

});


export { userSchema }; 

Congratulations !

Web app deployment inside of Kubernetes with microk8s

based on the Kubernetes course:

 

1) install microk8s: sudo snap install microk8s

2) enable registry & dns: microk8s.enable registry dns

MONGODB deployment & service

3) configure the mongodb deployment

generate 2 secrets using md5sum from shell

MONGO_INITDB_ROOT_USERNAME=--insert_here_encrypted_username-- -e MONGO_INITDB_ROOT_PASSWORD=--insert_here_encrypted_password-- -e MONGO_INITDB_DATABASE=admin

4) apply the MongoDB database deployment and service

microk8s.kubectl apply -f mongodb-deployment.yaml

5) check the environment variables inside the container

5.1) enter inside the deployment:

microk8s.kubectl exec -it deployment.apps/mongodb-deployment sh

5.2) env

6.1) get inside the mongodb container:

from Docker: docker exec -it mongo bash

from Kubernetes: microk8s.kubectl exec -it mongodb-deployment--insert_your_deployment_id -- /bin/sh

6.2) authenticate to the mongodb database container:

mongo -u insert_here_encrypted_username -p insert_here_encrypted_password --authenticationDatabase admin

Our application deployment & service

7) build the docker image of our application:
docker build . -t localhost:32000/mongo-app:v1
8) test the image using port forwarding:
docker run -p 3000:3000 localhost:32000/mongo-app:v1

or: docker run  -it --rm -p 3000:3000 localhost:32000/mongo-app:v1

9) push the image into the kubernetes registry
docker push localhost:32000/mongo-app:v1

10) apply our custom application: microk8s.kubectl apply -f mongo.yaml

11) check whether the IP addresses of the service and pods match. This means that the service endpoints are correctly set and math the created pods:

microk8s.kubectl describe service
microk8s.kubectl get pod -o wide

Congratulations!

Permissions inside and outside of Docker containers

References: Docker for web developers course.

1) In Dockerfile, when building a container:

Inside the Dockerfile we can fix the container directory permissions: chown -R www-data:www-data /var/lib/nginx ->in order to let nginx to function properly

volumes & not empty dir -> files are copied from the dir to volume

bind mount & not empty dir -> if there are files they stay, nothing is being copied from the bind mount point

2) In docker-compose.yml

- volumes (volume:/var/lib/myslq) inherit the permissions and ownership from the user created the image - usually root.

- bind mounts (/my/own/datadir:/var/lib/mysql) - the permissions and ownership are the same as the directory on your host.

Even if in the Dockerfile we have: USER node or in docker-compose is specified user: "node:node", the local directory will be mounted preserving its UID:GID in the container, ignoring the USER directive.

Special case: when doing bind-mount and the uid in container != uid on host:

Solution is to change the ownership of the local dir before building the container and creating the bind with the same user/group: chown -R www-data:www-data /var/lib/nginx
There is a catch: when local uid <> container uid in the container then we will have mismatched permissions. We can solve this problem using UID/GID synchronization:

// optional

Check the user running the container from the dockerhub image: USER directive.
id -u

Check the container user to which group belongs (find its UID)
cat /etc/passwd | grep nevyan

id, groups, grep nevyan /etc/group

// end optional

1) Check the user which runs the server inside the container

ps aux | grep apache(server_name)

2) When having proper UID:GID, we again use chown but this time not with user/group names, but with UID:GUIDs

MySQL example: By default the MySQL image uses a non-root user with uid=1001. If we try to bind mount a local /var/lib/mysql (MySQL data directory not owned by UID 1001), to a non-root docker container - this will fail. Since user 1001 (from the container) needs to perform read/write operations to our local directory.

Solution: change the local directory permissions with numeric UID/GID expected by the container: sudo chown -R 1001 /my/own/datadir

Install Wine & run Windows programs on Ubuntu 20.04 / 20.10

Wine is a preferred windows emulator when you want to run native Windows applications on Linux. Here is how easy is to install Wine on Ubuntu 20.04

For more information on Linux, I recommend taking the Practical Ubuntu Linux Server for beginners course.

 

Just follow the steps:

1) install wine32 first in order to include the i386 libraries:

apt install wine32 and wine

2) install winetricks in order to easily install external windows libraries. If you want to know which libraries are required just run wine your_app.exe and check the produced log:

apt install winetricks

3) use winetrics dlls combined with the libraries required by your application:

winetricks dlls mfc42 vcrun2010

4) run wine somefile.exe

Congratulations, and if you would like, you can enjoy the full Ubuntu admin course !

Compositon in JavaScript

Be sure to check out this JavaScript course.

Here is an example of Angular component using a template decorator in TypeScript:

@Component({
template: '<div>Woo a component!</div>',
})
export class ExampleComponent {
constructor() {
console.log('Hey I am a component!');
}
}

In JavaScript a decorator can be viewed as a composite with only one component and it isn’t intended for object aggregation. Here is the  Decorator pattern in action:

const setTemplate = (component) => {
// override
component.template += '<p>new information</p>';
}

const component = {
template: "<div>hello</div>",
};
setTemplate(component); // pass the whole object to the setTemplate function

console.log(component.template);


Enter Mixins:
They find good usage base for object aggregation as well as inside of multiple components, at the same time have some drawbacks:

const externalLib = {
// ... other functions we use
setTemplate: () => { console.log('overriding...'); } // overriding function
}

Introducing partial composition using inheritance mixin:

const myComponent = Object.assign(

Properties of the target object are overwritten by properties of the source object, if they have the same key. This way later sources' properties overwrite earlier ones.
{
setTemplate: () => { console.log('original'); } // initially in our object will be overriden from ExternalLib
},
externalLib
)
myComponent.setTemplate();

We can update the mixin code, but this solves just half way the problem, as this time our function will overwrite the externalLib functionality:

const myComponent = Object.assign({}, externalLib, {

setTemplate: () => { console.log('overriding externalLib...'); } // when composing objects using .assign() last properties take precedence
});

Composition: solving the override (fragile base) problem

const externalLib = {

// ... other functions we use
setTemplate: () => { console.log('overriding original...'); } // overriding function
}

const myComponent = {
setTemplate: () => { console.log('original'); },
externalLib
}

myComponent.setTemplate();

This way our object contains, rather than mixes, the library object. And now there's no more fragile base problem.

Piping example, keep in mind that it is mutable or mutates the properties of the composed object:

const pipe = (...funcs) => initialArg => funcs.reduce((acc, func) => func(acc), initialArg);

const setTemplate = () => {
return "<div>hello</div>"
};

const setName = key => arg => {
return `${arg} + ${key}!`;
};

const Component = pipe(
setTemplate,
setName('John'),
);

const component = Component();
console.log(component);


Updating the piping using states, making the state immutable:

const pipe = (...funcs) => initialArg => funcs.reduce((acc, func) => func(acc), initialArg);

const setTemplate = (state = {}) => { // create a state on the first run
return { // return copy of the state object (immutability!)
...state,
change: inputTemplate => { // template is input parameter
state.template = InputTemplate;
return state;
},
}
}

const setLogin = (state = {}) => { // receive the state as parameter or if not create an empty one
return {
...state,
login: () => {
console.log('Logged in!')
},
}
}


const createComponent = (name, template) => { // factory function
const component = { name, template } // initial object
return pipe(
setLogin,
setTemplate,
)(component)
}


let component = createComponent('hello_user', '<div></div>');
console.log("initial: " + JSON.stringify(component));

let newState = component.change("! new template !"); // immutable change creates a new object
console.log('changed to' + JSON.stringify(newState));
console.log('original component' + JSON.stringify(component));


Thanks for reading!