Module 10 - Container Orchestration with Kubernetes

This repository contains a demo project created as part of my DevOps studies in the TechWorld with Nana – DevOps Bootcamp.

https://www.techworld-with-nana.com/devops-bootcamp

Demo Project: Deploy NodeJS application in K8s cluster from private Docker registry

Technologies used: Kubernetes, Helm, AWS ECR, Docker

Project Description:

• Create Secret for credentials for the private Docker registry
• Configure the Docker registry secret in application Deployment component
• Deploy web application image from AWS ECR in K8s cluster

---

Prerequisites

Complete the previous demo project first. You must have a Docker image pushed to your private AWS ECR registry. See aws-module-9.5 for setup instructions.

• AWS CLI configured with an ecr profile
• kubectl installed locally
• A DigitalOcean account with Kubernetes access

Step 1 - Create a Kubernetes Cluster on DigitalOcean

Provision a managed Kubernetes cluster through the DigitalOcean dashboard:

Step 2 - Connect to the Cluster

Download the kubeconfig file from DigitalOcean, then configure access:

chmod 400 k8s-id-kubeconfig.yaml
export KUBECONFIG=k8s-id-kubeconfig.yaml

Verify the connection:

kubectl cluster-info
kubectl get nodes

You should see the cluster endpoint and node(s) listed as Ready.

Step 3 - Create a Docker Registry Secret

Kubernetes needs credentials to pull images from your private AWS ECR registry. Choose one of the options below.

Option A - Single command (quick setup)

kubectl create secret docker-registry ecr-secret \
  --docker-server=<aws_account_id>.dkr.ecr.<region>.amazonaws.com \
  --docker-username=AWS \
  --docker-password=$(aws ecr get-login-password --profile ecr)

Note

Replace <aws_account_id> and <region> with your actual AWS account ID and region (e.g., us-east-1).

Option B - Using config.json (preferable for multiple repositories)

1. Get your ECR password:

aws ecr get-login-password --profile ecr

2. Create a Docker config.json file:

{
  "auths": {
    "<aws_account_id>.dkr.ecr.<region>.amazonaws.com": {
      "username": "AWS",
      "password": "<password-from-step-1>",
      "auth": "<base64-encoded-credentials>"
    }
  }
}

Generate the auth field:

echo -n "AWS:<password-from-step-1>" | base64

3. Create the Kubernetes secret from the file:

kubectl create secret generic ecr-secret \
  --from-file=.dockerconfigjson=config.json \
  --type=kubernetes.io/dockerconfigjson

Alternative: Apply the secret declaratively using the provided manifest:

• Base64-encode your config.json and place it in the .dockerconfigjson field of docker-secret.yaml
• Apply it:

kubectl apply -f docker-secret.yaml

Step 4 - Deploy the Application

Update the image reference in app-deployment.yaml with your ECR repository URL:

spec:
  imagePullSecrets:
    - name: ecr-secret
  containers:
    - name: app
      image: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/app:1.0
      imagePullPolicy: Always

Then deploy:

kubectl apply -f app-deployment.yaml

Verify the deployment is running:

kubectl get pods

Demo

---

Deploy and Configure Nginx Ingress Controller

Add the ingress-nginx Helm repository:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

Install the Nginx Ingress Controller:

helm install nginx-ingress ingress-nginx/ingress-nginx --set controller.publishService.enabled=true

Verify the controller is running:

kubectl get pods
kubectl logs nginx-ingress-ingress-nginx-controller-<pod-id>

A DigitalOcean Load Balancer is automatically provisioned:

Note the external IP address assigned to the ingress service:

kubectl get svc

Create and Apply the Ingress Rule

Update the host in app-ingress.yaml with your external IP (replacing dots with dashes):

- host: <your-ip-address>.nip.io
  # Replace <your-ip-address> with your actual external IP

Apply the ingress rule:

kubectl apply -f app-ingress.yaml

Access the Application

Navigate to http://<your-ip-address>.nip.io in your browser.