DEV Community: Noble Mutuwa Mulaudzi

Implementing Role-Based Access Control (RBAC) in Minikube

Noble Mutuwa Mulaudzi — Fri, 21 Mar 2025 06:35:10 +0000

Article by Noble Mutuwa Mulaudzi: DevOps Engineer

Role-Based Access Control (RBAC) allows you to define permissions for users in a Kubernetes cluster. This guide walks through setting up RBAC in Minikube using a ServiceAccount.

## Understanding Key RBAC Terms

Before implementing RBAC, it's important to understand the main concepts:

Role: Defines a set of permissions within a namespace.
ClusterRole: Similar to a Role but applies across the entire cluster.
RoleBinding: Associates a Role with a user, group, or ServiceAccount within a specific namespace.
ClusterRoleBinding: Similar to RoleBinding but applies cluster-wide.
ServiceAccount: An account used by applications running inside the cluster to interact with Kubernetes resources.

## Why Implement RBAC?

RBAC is crucial for securing your Kubernetes environment by:

Restricting Access: Prevents unauthorized users from making changes.
Least Privilege Principle: Users and services only get the minimum permissions needed.
Enhanced Security: Reduces the risk of accidental or malicious actions.
Compliance and Auditability: Helps meet security policies and regulatory requirements.

## Step 1: Create a ServiceAccount

First, create a ServiceAccount named dev-user in the default namespace.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dev-user
  namespace: default

Apply the configuration:

kubectl apply -f sa.yaml

## Step 2: Create a Role

Define a Role that grants limited permissions. The following configuration allows listing and getting pods.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]

Apply the role:

kubectl apply -f role.yaml

Step 3: Bind the Role to the ServiceAccount

Create a RoleBinding to associate the pod-reader role with the dev-user ServiceAccount.

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: dev-user
    namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

Apply the binding:

kubectl apply -f rolebinding.yaml

## Step 4: Get a Token for the ServiceAccount

Run the following command to generate a token:

kubectl create token dev-user --namespace default

This token is required for authentication.

Step 5: Use the Token to Authenticate

1. Extract the token:

TOKEN=$(kubectl create token dev-user --namespace default)

2. Set up a new context:

kubectl config set-credentials dev-user --token=$TOKEN
kubectl config set-context dev-user-context --cluster=minikube --user=dev-user
kubectl config use-context dev-user-context

3. Verify access:

kubectl get pods

You should be able to list pods but not create, delete, or modify them.

Step 6: Test Restricted Access

Try running:

kubectl delete pod <pod-name>

It should fail due to insufficient permissions.

## Conclusion

This setup ensures that dev-user has restricted access based on RBAC rules. You can extend this setup to include permissions for additional resources like services and deployments if needed.

Building Scalable Microservices with Apache Kafka, django, docker and Keycloak,

Noble Mutuwa Mulaudzi — Mon, 10 Mar 2025 15:08:59 +0000

##Architecture diagram:

By Noble Mutuwa Mulaudzi - DevOps Engineer

Introduction

Microservices architecture has become the go-to approach for building scalable, resilient, and maintainable applications. In this article, I'll walk you through how I designed and implemented a microservices system using:

Keycloak for authentication
Apache Kafka as the message bus
Django for the backend services
React for the frontend
Docker to containerize everything and run it locally

The system consists of four microservices:

User Management - Handles authentication and user profiles
Appointment - Manages appointment scheduling
Analytics - Collects system usage data
Notification - Sends notifications based on events

Why Microservices?

Traditional monolithic applications often struggle with scalability and maintainability. Microservices, on the other hand, offer:

Scalability – Independent services can scale separately.
Resilience – Failure in one service doesn’t bring down the entire system.
Flexibility – Services can be developed, deployed, and maintained independently.

The Tech Stack

Django – Backend framework for each microservice
React – Frontend application
Keycloak – Centralized authentication and authorization
Apache Kafka – Message broker for event-driven communication
PostgreSQL – Primary database
Docker – Every service, including Keycloak, Kafka, and the frontend, is containerized

Microservices Breakdown

1. User Management Microservice

Handles user profiles and authentication
Uses Keycloak for issuing JWT tokens

2. Appointment Microservice

Manages user appointments
Emits appointment-events when an appointment is created

3. Analytics Microservice

Collects system-wide usage data
Consumes appointment-events from Kafka
Stores aggregated data for reporting

4. Notification Microservice

Listens for appointment-events
Sends email to users

Event-Driven Communication with Kafka

Kafka enables asynchronous communication between services. The architecture follows a producer-consumer pattern:

Producers – Each microservice publishes domain events.
Consumers – Other services listen to these events.
Topics – Organize event streams ( appointment-events,).

Example: Appointment Creation Event Flow

A user books an appointment through the Appointment microservice.
The Appointment service emits an appointment.created event to Kafka.
The Analytics service listens to this event and logs the new appointment for reporting.
The Notification service listens to the same event and sends a confirmation email.

Authentication with Keycloak

Keycloak provides:

User Management – Self-registration, social login, password resets
Role-Based Access Control (RBAC) – Services enforce authorization based on user roles
Token-based Authentication – JWT tokens for secure API communication

Each microservice validates JWT tokens before processing incoming requests.

Running the System Locally

1. Clone the Repository

The full project is available on GitHub. Clone it using:

git clone https://github.com/Mutuwa99/microservice-kafka.git
cd microservice-kafka

2. Run Keycloak

Navigate to the stack/ directory and start Keycloak using:

cd stack
docker-compose -f keycloak-docker-compose.yml up -d

Navigate to localhost:7080/
Use 'admin' as the username and passowrd to login
Create a realm called 'myrealm' and enable it
Navigate to the 'myrealm' and click clients and create
Fill in client id and name as 'user-management'
Set Client authentication and Authorization to on
Copy the client id and name for future use in the microservices

3. Run Apache Kafka

Still in the stack/ directory, start Kafka by running:

docker-compose -f kafka-docker-compose.yml up -d

Navigate to localhost:8080/ to see the kafka site

4. Run All Microservices

NB: before running this ensure :

You navigate to notification service and replace :

EMAIL_HOST_USER = ''  # Replace with your Gmail address
EMAIL_HOST_PASSWORD = ''  # Replace with the app password you generated

Navigate to all the microservices folders , open their settings.py and replace the 'KEYCLOAK_CLIENT_SECRET' with the secret you got while setting up your client in keycloak

To start all services, run:

docker-compose -f services-docker-compose.yml up -d

Our backend django service are running on these urls:

Usermanagement: localhost:8000/admin/
Appointment service: localhost:10000/admin/
Notification service: localhost:9000/admin/
Analytics service: localhost:8001/admin/

our frontend app is running on: `localhost:3000/`

Conclusion

Building microservices with Django, Keycloak, and Kafka provides a scalable and maintainable solution. By using Docker to containerize everything, you can run the entire system locally with ease.

What are your thoughts on microservices? Have you used Django, Keycloak, or Kafka in your stack? Let’s discuss in the comments! 🚀

This version includes the GitHub repository reference and the exact commands to start each component. Let me know if you want any additional changes! 🚀🔥

What are your thoughts on microservices? Have you used Django, Keycloak, or Kafka in your stack? Let’s discuss in the comments! 🚀

Deploying a robust Kubernetes cluster monitoring solution(node-exporter,prometheus & grafana) with Helm

Noble Mutuwa Mulaudzi — Mon, 11 Sep 2023 06:26:07 +0000

Introduction

Monitoring your AWS Elastic Kubernetes Service (EKS) cluster is crucial for ensuring its health and performance. In this tutorial, I'll walk you through the process of deploying a robust monitoring solution using Helm, Prometheus, Node Exporter, and Grafana.

Article by Noble Mutuwa Mulaudzi

Architecture Diagram

Prerequisites

Before you begin, make sure you have the following prerequisites in place:

An AWS EKS cluster up and running.
kubectl installed and configured to connect to your EKS cluster.
Helm installed on your local machine.
Basic knowledge of Kubernetes concepts.
eksctl installed on your local machine

Setting Up the Cluster

If you don't have an EKS cluster, follow these steps to configure your cluster:

source code : Noble Mutuwa K8s monitoring files.

Clone the repo and navigate to the application's folder
Apply the cluster.yaml, deployment.yaml, and service.yaml files:

eksctl create cluster -f cluster.yaml
kubectl apply -f deployment.yaml
kubectl apply -f deployment.yaml

Retrieve the service and access your application via the load balancer:

kubectl get svc

Here is our application running on an EKS cluster

Setting Up Prometheus, Node Exporter, and Grafana

To set up Prometheus, Grafana, and Node Exporter as a monitoring stack for your Kubernetes cluster, you can use Helm to simplify the deployment process. Here are the steps to install the Prometheus stack on your Kubernetes cluster using Helm:

1. Install Helm (if not already installed):

If you haven't already installed Helm on your Windows machine using Chocolatey or any other method, please follow the instructions provided earlier.

2. Add Helm Chart Repositories:

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update

3. Create a Namespace for Monitoring (Optional):

kubectl create namespace monitoring

4. Install Prometheus using Helm:

helm install prometheus-stack prometheus-community/kube-prometheus-stack -n monitoring

Exposing Prometheus and Grafana Services

To access Prometheus and Grafana, edit the services within the monitoring namespace, and change the service type to LoadBalancer:

Accessing Grafana

Copy the LoadBalancer URL of the Grafana service and paste it into your web browser.
Use the following credentials to log in:
- Username: admin
- Password: prom-operator

Set Up Data Sources and Dashboards in Grafana

Configure data sources and import dashboards in Grafana to start visualizing your Kubernetes cluster metrics. You can find various Kubernetes-related dashboards in the Grafana dashboard marketplace.

Here's a dashboard I've configured to monitor my cluster's health:

Congratulations! You've successfully deployed a robust monitoring solution for your AWS EKS cluster. With Prometheus, Node Exporter, and Grafana in place, you can monitor and visualize metrics, helping you keep your Kubernetes environment healthy and efficient.

Article by Noble Mutuwa Mulaudzi

Thank you!

Monitoring Linux Servers with Node Exporter, Prometheus, and Grafana: A Comprehensive Guide

Noble Mutuwa Mulaudzi — Thu, 07 Sep 2023 13:44:58 +0000

Server monitoring is a critical aspect of managing a robust infrastructure. In this comprehensive guide, we'll explore how to set up an efficient and versatile monitoring system for Linux servers using Node Exporter, Prometheus, and Grafana. This combination of tools allows you to collect, store, and visualize performance metrics, providing valuable insights into your server's health and performance.

Article By Noble Mutuwa Mulaudzi

Architecture diagram

Prerequisites

Before we dive into the setup, here are the prerequisites you'll need:

An AWS EC2 instance running a Linux distribution (e.g., Ubuntu).
SSH access to the instance.
Basic knowledge of Linux command-line operations.

Step 1: Install Node Exporter

Node Exporter is a tool for collecting system-level metrics. Here's how to install it:

Download and install Node Exporter:

wget https://github.com/prometheus/node_exporter/releases/download/v1.2.2/node_exporter-1.2.2.linux-amd64.tar.gz
tar xvfz node_exporter-1.2.2.linux-amd64.tar.gz
sudo mv node_exporter-1.2.2.linux-amd64/node_exporter /usr/local/bin/

Create a systemd service unit file for Node Exporter:

sudo nano /etc/systemd/system/node_exporter.service

Add the following content to the file:

[Unit]
Description=Node Exporter
After=network.target

[Service]
ExecStart=/usr/local/bin/node_exporter
Restart=always

[Install]
WantedBy=multi-user.target

Reload systemd and start Node Exporter:

sudo systemctl daemon-reload
sudo systemctl start node_exporter
sudo systemctl enable node_exporter

Step 2: Install Prometheus

Prometheus is a monitoring and alerting system. Here's how to install it:

Download and install Prometheus:

wget https://github.com/prometheus/prometheus/releases/download/v2.30.2/prometheus-2.30.2.linux-amd64.tar.gz
tar xvfz prometheus-2.30.2.linux-amd64.tar.gz
sudo mv prometheus-2.30.2.linux-amd64/prometheus /usr/local/bin/
sudo mv prometheus-2.30.2.linux-amd64/promtool /usr/local/bin/

Create a Prometheus configuration file:

sudo nano /etc/prometheus/prometheus.yml

Add the following basic configuration:

global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'node_exporter'
    static_configs:
      - targets: ['your-instance-ip:9100']

Create a systemd service unit file for Prometheus:

sudo nano /etc/systemd/system/prometheus.service

Add the following content to the file:

[Unit]
Description=Prometheus
After=network.target

[Service]
ExecStart=/usr/local/bin/prometheus --config.file=/etc/prometheus/prometheus.yml
Restart=always

[Install]
WantedBy=multi-user.target

Reload systemd and start Prometheus:

sudo systemctl daemon-reload
sudo systemctl start prometheus
sudo systemctl enable prometheus

Step 3: Install Grafana

Grafana is a visualization and dashboarding tool for monitoring. Here's how to install it:

Add the Grafana APT repository and install Grafana:

sudo apt-get install -y software-properties-common
sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"
sudo wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install grafana

Start and enable the Grafana service:

sudo systemctl start grafana-server
sudo systemctl enable grafana-server

Access Grafana:

Grafana's web interface is available at http://your-instance-ip:3000. You can log in with the default username and password: admin/admin. It's recommended to change the password after the initial login.
You can now configure your data source and dashboards to monitor your infrastructure

Above is our Grafana GUI, with beautiful dashboard showing CPU usage of our target machines

Article By Noble Mutuwa Isaya Mulaudzi

***************Thank you*************

Streamlining AWS Linux Servers Configuration with Ansible

Noble Mutuwa Mulaudzi — Tue, 25 Jul 2023 10:44:07 +0000

In the ever-evolving landscape of cloud computing, Amazon Web Services (AWS) has emerged as a powerhouse, providing robust infrastructure solutions to businesses worldwide. As organizations migrate their workloads to AWS, efficient server management becomes crucial for optimal performance and cost-effectiveness. Enter Ansible, the open-source automation tool that simplifies the management of AWS Linux servers through its powerful configuration management capabilities.

In this guide, I will walk you through the process of effectively managing your cloud servers using Ansible, we will use Ansible to automate updates in our webserver,(APACHE)

Tutorial by Noble Mutuwa Mulaudzi

Architecture diagram

Before we start let us get familiar with some Ansible terms

Ansible playbook : a set of organized instructions that define the desired state of remote hosts and the tasks to be executed on them
Inventory : a configuration file that lists the hosts or groups of hosts that Ansible can manage,
Modules : pre-built, reusable scripts that Ansible uses to interact with the remote hosts and carry out specific tasks such as installing packages, managing files, or starting services.

In this tutorial we will be using package and service modules

Pre-requisites for Windows Users

Install Windows Subsystem for Linux (WSL)
Choose a Linux Distribution( I will be using Ubuntu, installed from microsoft store)
Install Ansible on the Linux Distribution
1 or more Cloud servers with apache installed

Yeey, we have our linux enviroment set with Ansible installed

Remember to have your target server's key pairs on your enviroment where you are using Ansible.

Step 1: Preparing the Ansible Inventory:_

Create an inventory file (e.g., hosts) that lists the IP addresses or hostnames of your AWS Linux instances. Group them logically based on their roles, such as web_servers and database_servers. The inventory file might look like this:


[web_servers]
webserver1 ansible_host=server_ip ansible_user=your_user ansible_ssh_private_key_file=/path/to/key/key.pem

You can add as many servers as you want

Step 2: Writing the Ansible Playbook:

Next, create an Ansible playbook (e.g., your_playbook.yml) that defines the configuration tasks:


- name: Update and Restart Apache on EC2 instances
  hosts: web_servers
  become: yes  # This allows Ansible to become root (sudo) to perform updates

  tasks:
    - name: Update Apache
      package:
        name: httpd
        state: latest
      become: yes

    - name: Restart Apache
      service:
        name: httpd
        state: restarted
      become: yes

Step 3: Executing the Playbook:

Now, execute the playbook using the following command within the Linux terminal:

ansible-playbook -i /path/to/your_inventory_file/inventory.ini /path/to/your_playbook/your_playbook.yml

Ansible will connect to the AWS Linux instances through SSH, perform the specified tasks, and ensure that the systems are updated and equipped with the necessary software.

Here is our result . and just like that we have successfully updated our webserver with the latest apache through Ansible.

Note that you can use various Ansible modules to perform other Ansible tasks and automate a wide range of operations on remote hosts. Some commonly used Ansible modules include:

apt: Manages packages on Debian/Ubuntu systems, allowing you to install, update, or remove packages.
yum: Similar to apt, but for Red Hat/CentOS systems, managing packages accordingly.
copy: Enables you to copy files from the control machine to remote hosts.
file: Helps manage files and directories on the remote hosts, allowing you to set permissions, ownership, etc
git: Allows you to clone Git repositories onto the remote hosts.

Conclusion

Having completed this tutorial, you are now equipped to unleash the full power of Ansible and its modules, enabling you to achieve even greater efficiency and automation in managing AWS instances. With Ansible's flexibility and ease of use, you can confidently tackle more complex tasks and drive innovation within your cloud infrastructure. Embrace the potential of Ansible to streamline your server management and open new possibilities for your AWS environment.

Article by Noble Mutuwa Mulaudzi

CI/CD Pipeline with github actions & AWS EC2 instance

Noble Mutuwa Mulaudzi — Thu, 06 Jul 2023 11:54:08 +0000

Introduction

In today's fast-paced software development environment, continuous integration and continuous deployment (CI/CD) pipelines are essential for streamlining the software delivery process. GitHub Actions, coupled with the power of AWS EC2 instances, provide a robust and scalable solution for automating CI/CD workflows. In this article, i will guide you through the process of setting up a CI/CD pipeline using GitHub Actions and an AWS EC2 instance.

Architecture diagram

NOTE:You can follow the same steps to deploy to shared hosting platforms like Cpanel, Plesk and more.

pre-requisites

Github Account.
AWS account.
Git repository with your application's code.

Creating our web server.

Log in to your AWS Management Console and navigate to the EC2 service.
Launch an EC2 instance, choosing the appropriate Amazon Machine Image (AMI) based on your requirements.
Configure security groups and access credentials to allow incoming traffic through ssh, http and https.
Here is our webserver

Configuring GitHub Environment:

Environments helps you to Identify the different environments needed for your application, such as development, staging, and production.
In your GitHub repository, navigate to the "Settings" tab and click on "Environments".
Create the desired environments, specifying a name and optional description for each. ( i have created the environment to be QA-mywebsite)

Configuring GitHub Secrets for our QA environment:

GitHub Actions allows you to securely store sensitive information like access keys or tokens using Secrets.
In the GitHub repository, go to "Settings" and click on Environments.
Navigate to your environment (QA environments)
Add secrets required for connecting to your AWS EC2 instance, such as access keys or SSH private keys..

Here is our environment secrets configuartion:

Configuring our workflow file.

In the root of your repository , create a folder called .github/workflows and create a file called deploy.yml

Here is our deploy.yml file.



name: Deploy to EC2

on:
  push:
    branches:
      - master


jobs:
  checkout_mycode:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: check out
        id: check
        run: |
          echo "checking out the code"


  deploy_to_qa:
    needs: checkout_mycode
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    environment: 
      name: QA-mywebsite
      url: http://noble-mutuwa.com/

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up SSH
        uses: webfactory/ssh-agent@v0.5.0
        with:
          ssh-private-key: ${{ secrets.SERVER_SSH_PRIVATE_KEY }}

      - name: Copy files to EC2
        run: scp -r -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "${{ github.workspace }}" ec2-user@50.17.57.13:~/website/

      - name: SSH into EC2
        run: | 
          ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ec2-user@50.17.57.13 "sudo cp -r ~/website/mywebsite/* /var/www/html/"

  qa_send_notification:
    needs: deploy_to_qa
    if: needs.deploy_to_qa.result == 'success'
    runs-on: ubuntu-latest
    steps:
      - name: Send notification to repository owner
        run: |
          REPO_OWNER=$(jq --raw-output .repository.owner.login "${GITHUB_EVENT_PATH}")
          NOTIFICATION="Deployment qa completed."
          API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/notifications"
          RESPONSE=$(curl -sSL -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "Content-Type: application/json" -X POST -d "{\"subject\":\"$NOTIFICATION\",\"repository\":\"$REPO_OWNER/$GITHUB_REPOSITORY\"}" "$API_URL")
          echo "Notification sent to repository owner: $REPO_OWNER"

Deploying to EC2

Save the deploy.yml file and push the code to your remote repository.
Go to your github repo to observe the pipeline.
Note that after checking the code ,the workflow will prompt you to review the changes and approve in order to deploy to your EC2 instance. (remember that we added reviewers when we created our QA-website environment)

We will review the deployment and approve.
After the deployment has been done, we wil get the end point (url) for our application that we defined in the deploy.yml file

We can now access our Application using the url

There is our beautiful flask(python) application with a Chatbot
In my next article , i will take you through on how you can build this chat bot , train it with data and how the chatbot can learn from different responses provided by the user

Article by Noble Mutuwa Mulaudzi

Building a CRUD Python Serverless API with DynamoDB using the Serverless Framework.

Noble Mutuwa Mulaudzi — Sun, 04 Jun 2023 15:29:19 +0000

Hi,My name is Noble Mutuwa Mulaudzi, AWS DevOps Engineer and Linux enthusiast.

In this tutorial, we'll learn how to build a serverless API using Python and DynamoDB, leveraging the power of the Serverless Framework. The API will provide Create, Read, Update, and Delete (CRUD) operations for managing items. We'll also demonstrate how to test the API using Postman.

Architecture diagram

Source code: (https://github.com/Mutuwa99/python-crud-api)

Prerequisites

To follow along with this tutorial, you'll need the following:

Python 3.x installed on your machine.
Node.js and npm installed for installing the Serverless Framework.
An AWS account with appropriate permissions to create resources like Lambda

Setting up the Project

1.Install the Serverless Framework by running the following command:

npm install -g serverless

2.Create a new directory for your project and navigate into it.

mkdir python_rest_api
cd python_rest_api

3.Initialize a new Serverless service using the following command:

serverless create --template aws-python3 --name python_rest_api

4.Install the required Python packages by running:

pip install boto3

Create separate Python files for each CRUD operation inside the project directory:

create.py
delete.py
update.py
read_one.py
read_all.py

Configuring DynamoDB

1.Open the serverless.yml file and update it with the following configuration:

service: my-serverless-api

provider:
  name: aws
  runtime: python3.8

functions:
  create:
    handler: create.create
    events:
      - http:
          path: items
          method: post

  readAll:
    handler: read_all.read_all
    events:
      - http:
          path: items
          method: get

  readOne:
    handler: read_one.read_one
    events:
      - http:
          path: items/{id}
          method: get

  update:
    handler: update.update
    events:
      - http:
          path: items/{id}
          method: put

  delete:
    handler: delete.delete
    events:
      - http:
          path: items/{id}
          method: delete

resources:
  Resources:
    ItemsTable:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: Items
        AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
        KeySchema:
          - AttributeName: id
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1

Implementing the CRUD Functions

2.Open the create.py file and update it with the following code:

import json
import boto3
from botocore.exceptions import ClientError

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('Items')

def create(event, context):
    data = json.loads(event['body'])
    item_id = data['id']
    item_name = data['name']
    item_price = data['price']

    try:
        table.put_item(
            Item={
                'id': item_id,
                'name': item_name,
                'price': item_price
            }
        )
        response = {
            'statusCode': 200,
            'body': json.dumps({'message': 'Item created successfully'})
        }
    except ClientError as e:
        response = {
            'statusCode': 500,
            'body': json.dumps({'error': str(e)})
        }

    return response

3.Open the delete.py file and update it with the following code:

import json
import boto3
from botocore.exceptions import ClientError

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('Items')

def delete(event, context):
    item_id = event['pathParameters']['id']

    try:
        table.delete_item(Key={'id': item_id})
        response = {
            'statusCode': 200,
            'body': json.dumps({'message': 'Item deleted successfully'})
        }
    except ClientError as e:
        response = {
            'statusCode': 500,
            'body': json.dumps({'error': str(e)})
        }

    return response

4.Open the update.py file and update it with the following code:

import json
import boto3
from botocore.exceptions import ClientError

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('Items')

def update(event, context):
    item_id = event['pathParameters']['id']
    data = json.loads(event['body'])
    item_name = data['name']
    item_price = data['price']

    try:
        response = table.update_item(
            Key={'id': item_id},
            UpdateExpression='set #name = :n, #price = :p',
            ExpressionAttributeNames={'#name': 'name', '#price': 'price'},
            ExpressionAttributeValues={':n': item_name, ':p': item_price},
            ReturnValues='UPDATED_NEW'
        )
        updated_item = response['Attributes']
        response = {
            'statusCode': 200,
            'body': json.dumps(updated_item)
        }
    except ClientError as e:
        response = {
            'statusCode': 500,
            'body': json.dumps({'error': str(e)})
        }

    return response

5.Open the read_one.py file and update it with the following code:

import json
import boto3
from botocore.exceptions import ClientError

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('Items')

def read_one(event, context):
    item_id = event['pathParameters']['id']

    try:
        response = table.get_item(Key={'id': item_id})
        item = response.get('Item')
        if item:
            response = {
                'statusCode': 200,
                'body': json.dumps(item)
            }
        else:
            response = {
                'statusCode': 404,
                'body': json.dumps({'error': 'Item not found'})
            }
    except ClientError as e:
        response = {
            'statusCode': 500,
            'body': json.dumps({'error': str(e)})
        }

    return response

6.Open the read_all.py file and update it with the following code:

import json
import boto3
from botocore.exceptions import ClientError

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('Items')

def read_all(event, context):
    try:
        response = table.scan()
        items = response['Items']
        response = {
            'statusCode': 200,
            'body': json.dumps(items)
        }
    except ClientError as e:
        response = {
            'statusCode': 500,
            'body': json.dumps({'error': str(e)})
        }

    return response

Deploy the Serverless API using the following command:

serverless deploy

Testing the API using Postman

Open Postman and create a new request
Set the request URL to the appropriate endpoint for each CRUD operation that you got when you did serverless deloy :

Replace with the actual API endpoint you noted down earlier.

3.Set the request body for the create and update operations. For example:

{
  "id": "1",
  "name": "Noble's Bill",
  "price": "R10 000"
}

4.Send the request and observe the responses.

POST Request:

Get Request:

Congratulations! You have successfully built a CRUD Python serverless API with DynamoDB using the Serverless Framework. You've also tested the API using Postman.
Feel free to explore and expand upon this foundation to build more complex serverless APIs to suit your specific requirements.
That concludes the tutorial. We've covered how to create a CRUD Python serverless API with DynamoDB using the Serverless Framework and testing through postman

Article by Noble Mutuwa Mulaudzi

Leveraging Elastic Kubernetes Service for Scalable Deployments

Noble Mutuwa Mulaudzi — Fri, 26 May 2023 05:01:47 +0000

Hi My name is Noble Mutuwa, AWS DevOps Engineer and a linux enthusiast.

AWS EKS (Elastic Kubernetes Service) is a managed Kubernetes service provided by Amazon Web Services. It allows you to easily deploy, manage, and scale containerized applications using Kubernetes. In this article, i will walk you through the steps of deploying a web app on AWS EKS and expose it using a load balancer.

Architecture Diagram****

Github repo for the source code: (https://github.com/Mutuwa99/kubernetes-EKS-)

I will walk you through the following steps:

Containerize the Web App using docker
Create an ECR repository on AWS
Push the application image to ECR
Set Up AWS EKS Cluster (using EKSCTL)
Deploy the Web App to AWS EKS(using kubectl)
Expose the Web App using a Load Balancer
Clean up our resources

Prerequisites

Amazon Web Services (AWS) Account
Docker desktop installed
Kubectl installed
eksctl installed
AWS CLI installed and configured

Step 1: Creating a docker file

In the root of our project, we will create a docker file that will build our image:

FROM php:8.1.0-apache


# Mod Rewrite
RUN a2enmod rewrite

# Linux Library
RUN apt-get update -y && apt-get install -y \
    libicu-dev \
    libmariadb-dev \
    unzip zip \
    zlib1g-dev \
    libpng-dev \
    libjpeg-dev \
    libfreetype6-dev \
    libjpeg62-turbo-dev \
    libpng-dev 

# Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

# PHP Extension
RUN docker-php-ext-install gettext intl pdo_mysql gd

EXPOSE 80

RUN docker-php-ext-configure gd --enable-gd --with-freetype --with-jpeg \
    && docker-php-ext-install -j$(nproc) gd


COPY --chown=www-data:www-data . /srv/app 
COPY .docker/vhost.conf /etc/apache2/sites-available/000-default.conf 

WORKDIR /srv/app

After having created our docker file we will build our docker image using the following command

NB:Make sure you have docker daemon running

docker build -t myapp .

after some few mins our docker image has been built , and is ready to be accessed through the browser.

we will run the container to test if we can access our webapp on the browser

docker run -d -p 80:80 myapp

Your can accesss the web application at (localhost:80)

Step 2 : Creating ECR repo on AWS:

We will login to our AWS Account and create an ECR repo that will store this image

Navigate to services and search ECR
Select repositories and create repository
Navigate to your repository and go to view push commands
-We will use push commands provided by AWS ECR to login to ECR ,build,tag and push our image to ECR from our terminal,
Retrieve an authentication token and authenticate your Docker client to your registry:

aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/q0k8p3n5

After a successfull login we will then build the docker image using the following command:

docker build -t myapp .

After the build completes, tag your image so you can push the image to this repository:

docker tag myapp:latest public.ecr.aws/q0k8p3n5/myapp:latest

Run the following command to push this image to your newly created AWS repository:

docker push public.ecr.aws/q0k8p3n5/myapp:latest

We will navigate to our ECR repo and see if our image is pushed

Step 3: Creating our EKS Cluster using EKSCTL and sending manifest files using kubectl

At the root of our project we will create a file called cluster.yaml, this file will contain information about our cluster and we will use this file to describe the kind of resources we want in our cluster

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: my-eks-cluster5
  region: us-east-1

nodeGroups:
  - name: ng-1
    instanceType: t3.micro
    desiredCapacity: 2

Now we will create the cluster using:

eksctl create cluster -f cluster.yaml

This may take close to 15 mins to finish. be patient.

-After 15 mins our cluster is ready.

As we know that we communicate with kubernetes in a declarative way, we will need to create manifest files that we will send to kubernetes using kubectl. These files serve as declarative blueprints that define the desired state of the application, including the containers, networking, storage, and other resources required for its operation.

Deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: laravel-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: laravel-app
  template:
    metadata:
      labels:
        app: laravel-app
    spec:
      containers:
        - name: laravel-app
          image: public.ecr.aws/q0k8p3n5/mytest:latest
          ports:
            - containerPort: 80

Service.yaml

apiVersion: v1
kind: Service
metadata:
  name: laravel-service
  labels:
    app: laravel-app

spec:
  selector:
    app: laravel-app
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer

Now we send our manifest files using kubectl
To apply the deployment files run:

kubectl apply -f deployment.yaml

To apply the service file run:

kubectl apply -f service.yaml

Monitor the deployment status using:

kubectl get deployments

To access our application on the browser:

Copy the loadbalancer URL and the port

a7468c76bd8d74b3885b1b89c01d4f50-45776134.us-west-2.elb.amazonaws.com:80

Yeeey,Here is our web application deployed on Kubernetes using EKS.

Cleaning up:

We will use eksctl to delete all resources we have created

eksctl delete cluster --region us-west-2 my-eks-cluster-demo1

After having done this projet you can go on to add it on your resume.

All the best

Deploying a php application on AWS using EB command line interface(eb cli)

Noble Mutuwa Mulaudzi — Mon, 22 May 2023 04:57:56 +0000

Hi my Name is Noble Mutuwa Mulaudzi,AWS DevOps Engineer and a Linux enthusiast.

In this article i am going to show you how you can quickly deploy a php application on AWS using EB cli (without having to login to the AWS management console.

Source code: (https://github.com/Mutuwa99/Ebcli)

Introduction

Deploying a PHP application on Amazon Web Services (AWS) can be a seamless process with the help of the Elastic Beanstalk Command Line Interface (EB CLI). AWS Elastic Beanstalk provides a platform-as-a-service (PaaS) for deploying and managing applications. In this article, i will walk you through the steps to deploy your PHP application on AWS using the EB CLI, enabling you to easily scale and manage your application infrastructure.

Prerequisites:

Before we begin, make sure you have the following prerequisites in place:

An AWS account: Sign up for an AWS account if you don't have one already.
AWS CLI: Install the AWS Command Line Interface (CLI) on your local machine.
EB CLI: Install the Elastic Beanstalk Command Line Interface (EB CLI) on your local machine.
A PHP application: Have a PHP application ready for deployment.(You can download mine on my githu repo)

Step 1: Set Up AWS CLI and EB CLI:

First, you need to configure the AWS CLI with your AWS account credentials. Open your terminal and run the following command:

aws configure

Provide your AWS Access Key ID, Secret Access Key, default region, and output format when prompted.

Next, install the EB CLI by running the following command:

pip install awsebcli --upgrade --user

Step 2: Initialize the EB CLI:

In your terminal, navigate to your PHP application's directory and initialize the EB CLI by running:

eb init

Step 3: Setting up configs for our application:

When a user accesses laravel application via a web browser, the server looks directly into the "public" folder to handle the incoming request. In that case we will have to predefine the document root of our application and set it to /public

Create a folder called .ebextentions/01setup.config on your project root and paste the following:

option_settings:
  - namespace: aws:elasticbeanstalk:container:php:phpini
    option_name: document_root
    value: /public

Follow the prompts to select your region, application name, and platform. Choose PHP as the platform for your application.

Step 4: Create an Environment:

To create an environment for your PHP application, run the following command:

eb create environment-name

Replace "environment-name" with a suitable name for your environment. This process may take a few minutes to provision the necessary AWS resources.

Step 5: Deploy Your Application:

Once the environment is created, you can deploy your PHP application by running:

eb deploy

step 6: Checking env health:

Once you have deployed your application you can check your app env health by running:

eb status

Step 7: Access Your Application:

After the deployment is complete, you can access your application using the environment URL provided by Elastic Beanstalk. Run the following command to open the application in your default browser:

eb open

yeey we have sucessfully deployed our php application on AWS through EB CLI(without logging in to the management console)

Thank you

Noble Mutuwa Mulaudzi

DEV Community: Noble Mutuwa Mulaudzi

Implementing Role-Based Access Control (RBAC) in Minikube

Article by Noble Mutuwa Mulaudzi: DevOps Engineer

Step 3: Bind the Role to the ServiceAccount

Step 5: Use the Token to Authenticate

1. Extract the token:

2. Set up a new context:

3. Verify access:

Step 6: Test Restricted Access

Building Scalable Microservices with Apache Kafka, django, docker and Keycloak,

By Noble Mutuwa Mulaudzi - DevOps Engineer

Introduction

Why Microservices?

The Tech Stack

Microservices Breakdown

1. User Management Microservice

2. Appointment Microservice

3. Analytics Microservice

4. Notification Microservice

Event-Driven Communication with Kafka

Example: Appointment Creation Event Flow

Authentication with Keycloak

Running the System Locally

1. Clone the Repository

2. Run Keycloak

3. Run Apache Kafka

4. Run All Microservices

Our backend django service are running on these urls:

our frontend app is running on: localhost:3000/

Conclusion

Deploying a robust Kubernetes cluster monitoring solution(node-exporter,prometheus & grafana) with Helm

Introduction

Architecture Diagram

Prerequisites

Setting Up the Cluster

Setting Up Prometheus, Node Exporter, and Grafana

Exposing Prometheus and Grafana Services

Accessing Grafana

Set Up Data Sources and Dashboards in Grafana

Monitoring Linux Servers with Node Exporter, Prometheus, and Grafana: A Comprehensive Guide

Step 1: Install Node Exporter

Step 2: Install Prometheus

Step 3: Install Grafana

Access Grafana:

Streamlining AWS Linux Servers Configuration with Ansible

Architecture diagram

Pre-requisites for Windows Users

Step 1: Preparing the Ansible Inventory:_

Step 2: Writing the Ansible Playbook:

Step 3: Executing the Playbook:

Conclusion

Article by Noble Mutuwa Mulaudzi

CI/CD Pipeline with github actions & AWS EC2 instance

Introduction

Architecture diagram

pre-requisites

Building a CRUD Python Serverless API with DynamoDB using the Serverless Framework.

Architecture diagram

Prerequisites

Setting up the Project

Configuring DynamoDB

Implementing the CRUD Functions

Deploy the Serverless API using the following command:

Testing the API using Postman

POST Request:

Get Request:

Article by Noble Mutuwa Mulaudzi

Leveraging Elastic Kubernetes Service for Scalable Deployments

Hi My name is Noble Mutuwa, AWS DevOps Engineer and a linux enthusiast.

I will walk you through the following steps:

Prerequisites

Step 1: Creating a docker file

Step 2 : Creating ECR repo on AWS:

Step 3: Creating our EKS Cluster using EKSCTL and sending manifest files using kubectl

Cleaning up:

Deploying a php application on AWS using EB command line interface(eb cli)

Hi my Name is Noble Mutuwa Mulaudzi,AWS DevOps Engineer and a Linux enthusiast.

Introduction

Prerequisites:

Step 1: Set Up AWS CLI and EB CLI:

our frontend app is running on: `localhost:3000/`