FotoGal (Foto Galeria) is a cloud-native web application written in Python with the Flask framework and deployed on Oracle Cloud Infrastructure (OCI). It is a proof of concept (PoC) that mimics the basic features of Instagram using the services available on OCI.
For now, FotoGal uses the following OCI services:
- Topology
- Description of directories (source code)
- Prerequisites
- How to use
```
.
├── README.md               # README
├── LICENSE
├── requirements.txt        # Python project dependencies
├── Dockerfile              # Definitions for building the Docker container
├── gthimgs/                # GitHub Markdown images
├── terraform/              # Infrastructure as code (IaC) Terraform
├── tools/                  # Miscellaneous scripts / utilities
└── fotogal/                # Root directory of the FotoGal application
    ├── app/                # FotoGal application directory (Flask)
    ├── oci_config/         # OCI SDK / CLI configuration files
    └── entrypoint.sh       # Docker container bootstrap script
```
- A valid OCI account
- Oracle Linux 7 (for building the application container and pushing it to OCI)
- Oracle Cloud CLI
- Terraform
- Kubectl
- Docker
- Install the Oracle Cloud CLI on the Oracle Linux 7 machine:
[darmbrust@oci-dev ~]$ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"
[darmbrust@oci-dev ~]$ oci -v
2.20.0
- Install the Terraform and kubectl binaries:
[darmbrust@oci-dev ~]$ wget https://releases.hashicorp.com/terraform/0.14.5/terraform_0.14.5_linux_amd64.zip -P bin/
[darmbrust@oci-dev ~]$ unzip bin/terraform_0.14.5_linux_amd64.zip -d bin/
[darmbrust@oci-dev ~]$ bin/terraform -v
Terraform v0.14.5
[darmbrust@oci-dev ~]$ cd bin/
[darmbrust@oci-dev bin]$ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
[darmbrust@oci-dev bin]$ chmod +x kubectl
[darmbrust@oci-dev bin]$ ./kubectl version --short
Client Version: v1.20.2
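The Terraform archive and the kubectl binary above are downloaded and run without an integrity check. As an added example (not from the FotoGal repository), the function below checks a downloaded file against a published checksum file, either a `sha256sum`-style list such as the `terraform_0.14.5_SHA256SUMS` file HashiCorp publishes with the release, or a bare hash such as the `kubectl.sha256` file published next to each kubectl binary. The function name and return codes are this example's own.

```shell
#!/bin/sh
# Added example (not from the FotoGal repository).
# verify_sha256 FILE SUMS
#   SUMS is either a sha256sum-style list ("<hash>  <name>" per line) or a
#   file holding one bare hash.
# Returns 0 on match, 1 on mismatch, 2 if FILE has no entry in SUMS.
verify_sha256() {
    file=$1
    sums=$2
    name=$(basename "$file")
    # Look up the expected hash: a one-field file is a bare hash, otherwise
    # match the file name exactly (a leading "*" marks binary mode).
    expected=$(awk -v n="$name" '
        NF == 1 { print tolower($1); exit }
        { f = $2; sub(/^\*/, "", f) }
        f == n  { print tolower($1); exit }
    ' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Usage, after downloading the checksum file next to the archive:
#   verify_sha256 bin/terraform_0.14.5_linux_amd64.zip bin/terraform_0.14.5_SHA256SUMS
```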
- Install Docker:
[darmbrust@oci-dev ~]$ sudo yum install -y docker-engine
[darmbrust@oci-dev ~]$ sudo systemctl enable docker.service
[darmbrust@oci-dev ~]$ sudo systemctl start docker.service
[darmbrust@oci-dev ~]$ docker -v
Docker version 19.03.11-ol, build 748876d
- With the utilities already installed, “clone” the FotoGal application repository:
[darmbrust@oci-dev ~]$ sudo yum install -y git
[darmbrust@oci-dev ~]$ git clone https://github.com/daniel-armbrust/fotogal.git
[darmbrust@oci-dev ~]$ cd fotogal/
[darmbrust@oci-dev fotogal]$ mkdir fotogal/oci_config/
- Create a private and public key pair (without a password) for use with the OCI SDK:
[darmbrust@oci-dev fotogal]$ openssl genrsa -out fotogal/oci_config/oci_api_key.pem 2048
[darmbrust@oci-dev fotogal]$ chmod 0400 fotogal/oci_config/oci_api_key.pem
[darmbrust@oci-dev fotogal]$ openssl rsa -pubout -in fotogal/oci_config/oci_api_key.pem -out fotogal/oci_config/oci_api_key_public.pem
- The public key is not used by the application. It must be added to your user on OCI.
- Create a configuration file in the format below:
[darmbrust@oci-dev fotogal]$ cat fotogal/oci_config/oci.conf
[DEFAULT]
user=<USER OCID>
fingerprint=<KEY FINGERPRINT>
tenancy=<TENANCY OCID>
region=<OCI REGION>
compartment=<YOUR OCID ROOT COMPARTMENT>
- Fill in the highlighted fields with the appropriate values of your user/tenant on OCI. For more information, consult the official documentation: Required Keys and OCIDs
- Create the Docker image:
- Obtain the value for the Region Key corresponding to the OCI region in which the application will be deployed. See the official documentation Regions and Availability Domains for other values. Here, we will use GRU which corresponds to São Paulo, Brazil.
- Create the tag used to build the image. It must follow this format:
<Region Key>.ocir.io/<Tenancy Namespace>/<User/Repository>/<Name/Application Version>
- Example:
gru.ocir.io/idreywyoj0pu/daniel.armbrust/fotogal:1.0.0
[darmbrust@oci-dev fotogal]$ sudo docker build -t gru.ocir.io/idreywyoj0pu/daniel.armbrust/fotogal:1.0.0 .
[darmbrust@oci-dev fotogal]$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gru.ocir.io/idreywyoj0pu/daniel.armbrust/fotogal 1.0.0 d0c540b17d3a 2 days ago 388MB
python 3.8-alpine 024f9f60790b 5 days ago 43.1MB
- Create an Authentication Token to send the Docker image created to OCI.
- Send the Docker image that was created to OCI:
- Log in to the OCIR service with your username and the Authentication Token that was created. Recall that in this example we are using the OCI services in the São Paulo, Brazil (GRU) region.
- For more information on the entire process of sending Docker images to OCI, see the official documentation: Push an Image to Oracle Cloud Infrastructure Registry
[darmbrust@oci-dev fotogal]$ sudo docker login -u idreywyoj0pu/oracleidentitycloudservice/daniel.armbrust@oracle.com gru.ocir.io
- Send the Docker image to the OCIR service:
[darmbrust@oci-dev fotogal]$ sudo docker push gru.ocir.io/idreywyoj0pu/daniel.armbrust/fotogal:1.0.0
[darmbrust@oci-dev fotogal]$ sudo docker logout
- Create the infrastructure in OCI using the Terraform scripts.
- Within the terraform/ directory, create the resources:
[darmbrust@oci-dev fotogal]$ cd terraform/
[darmbrust@oci-dev terraform]$ terraform init
[darmbrust@oci-dev terraform]$ terraform apply -auto-approve
- Create the necessary settings to connect to the Kubernetes cluster from kubectl:
- Before configuring kubectl, configure the OCI CLI with the command:
[darmbrust@oci-dev fotogal]$ oci setup config
- After the Kubernetes cluster is created, it will be necessary to obtain its OCID:
[darmbrust@oci-dev fotogal]$ oci ce cluster list --compartment-id ocid1.compartment.oc1..aaaaaaaaro7baesjtceeuntyqxajzotsthm4bg46bwumacmbltuhw6gvb2mq \
    --name oke-fotogal --query "data|[0].id"
- Fill in the command below with the OCID of the Kubernetes cluster that was created:
[darmbrust@oci-dev fotogal]$ oci ce cluster create-kubeconfig --cluster-id <CLUSTER OCID> --file $HOME/.kube/config --region sa-saopaulo-1 --token-version 2.0.0
New config written to the Kubeconfig file /home/darmbrust/.kube/config
- Check connectivity with the Kubernetes cluster created in OCI:
[darmbrust@oci-dev fotogal]$ kubectl cluster-info
- Create a "secret" to allow the Kubernetes cluster to access the Docker image repository in OCI:
[darmbrust@oci-dev fotogal]$ kubectl create secret docker-registry fotogal-ocir-secret --docker-server=gru.ocir.io --docker-username='idroay2yZj0pu/oracleidentitycloudservice/daniel.armbrust@algumdominio.com' --docker-password='<TOKEN DE AUTENTICAÇÃO>'
- To create this “secret”, we give the Kubernetes cluster the OCIR service region (gru.ocir.io) along with the access credentials (username and authentication token).
- For more information about how a Kubernetes cluster on OCI pulls images, consult the official documentation: Pulling Images from Registry during Deployment
- Edit the file terraform/yaml/fotogal-deploy.yaml so that the Docker image path matches the OCIR repository created in your tenancy:
[darmbrust@oci-dev fotogal]$ cd terraform/yaml/
[root@localhost yaml]# cat fotogal-deploy.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fotogal-dpp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: fotogal
  template:
    metadata:
      labels:
        app: fotogal
    spec:
      containers:
        - name: fotogal-container
          image: gru.ocir.io/idroay2yZj0pu/daniel.armbrust/fotogal:1.0.0
          env:
            - name: SECRET_KEY
              value: "258166fe81d609c00ba2b0728e33333333a80d323a85c124f3fa554c585"
            - name: WTF_CSRF_SECRET_KEY
              value: "258166fe81d609c00ba2C0728e88dEf52zzzzd323a85c124f3fa554c585"
            - name: AUTH_COOKIE_SECRET_KEY
              value: "rEw4qpfSB-FTtA1bSwXZ3iGx_cCh6J62VL0foa34521cKfNE="
          ports:
            - containerPort: 5000
              protocol: TCP
      imagePullSecrets:
        - name: fotogal-ocir-secret
---
apiVersion: v1
kind: Service
metadata:
  name: fotogal-srv
  annotations:
    service.beta.kubernetes.io/oci-load-balancer-shape: 10Mbps
spec:
  type: LoadBalancer
  selector:
    app: fotogal
  ports:
    - port: 80
      protocol: TCP
      targetPort: 5000
```
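The manifest above carries the three application keys as literal `value:` strings, so anyone who can read the file or the Deployment object can read them. The script below is an added example, not part of the FotoGal repository: it generates fresh random keys, renders them as a Kubernetes Secret, and prints the `env` entries rewritten to reference that Secret. The Secret name `fotogal-app-keys`, the function names and the key formats (hex for the first two, URL-safe base64 for the third, mirroring the shape of the sample values) are assumptions.

```shell
#!/bin/sh
# Added example (not from the FotoGal repository). The Secret name and the
# key formats are assumptions; adjust them to what the application expects.
SECRET_NAME="fotogal-app-keys"

# hex_key N: N random bytes from the kernel CSPRNG, hex-encoded (2N chars).
hex_key() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# b64url_key N: N random bytes, URL-safe base64 on a single line.
b64url_key() {
    head -c "$1" /dev/urandom | base64 | tr -d '\n' | tr '+/' '-_'
}

# render_secret: print a Secret manifest holding freshly generated keys.
render_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
type: Opaque
stringData:
  SECRET_KEY: "$(hex_key 32)"
  WTF_CSRF_SECRET_KEY: "$(hex_key 32)"
  AUTH_COOKIE_SECRET_KEY: "$(b64url_key 32)"
EOF
}

# render_env: print the container env block that replaces the literal
# "value:" entries in fotogal-deploy.yaml with references to the Secret.
render_env() {
    for key in SECRET_KEY WTF_CSRF_SECRET_KEY AUTH_COOKIE_SECRET_KEY; do
        cat <<EOF
            - name: ${key}
              valueFrom:
                secretKeyRef:
                  name: ${SECRET_NAME}
                  key: ${key}
EOF
    done
}

# Usage: render_secret | kubectl apply -f -   (the key values never touch disk)
#        render_env                            (paste under "env:" in the manifest)
```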
- Deploy the application to Kubernetes cluster using the command below:
[darmbrust@oci-dev fotogal]$ kubectl create -f fotogal-deploy.yaml
- After a few seconds, you can get the public IP address of the Load Balancer created by the Kubernetes cluster:
[darmbrust@oci-dev fotogal]$ kubectl get service fotogal-srv
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
fotogal-srv LoadBalancer 10.96.6.189 129.151.32.148 80:31399/TCP 46s
- Before accessing the application, let's load some data for demonstration by executing the commands below:
[darmbrust@oci-dev fotogal]$ sudo pip3 install borneo werkzeug
[darmbrust@oci-dev tools]$ cd tools/
[darmbrust@oci-dev tools]$ python3 ./add_initial_users.py
- Done! Just access the application through the public IP of the Load Balancer: