# The HPE Container Platform (HPE CP) - Challenge
## Deploying your front-end application on Kubernetes cluster managed by the HPE Container Platform.

#### Initialize the environment:

Let's first define the environment variables according to your HPE Container Platform user account and tenant name, and the HPE Container Platform API system endpoint:

In [1]:
#
# environment variables to be adjusted/verified by the student
#
YourName="denischoukroun" # your name in Lowercase !!! (i.e.: firstnamelastname)
username="student1" # your HPE CP tenant login credentials - username 
password="stuDISCO2020" # your HPE CP tenant login credentials - password
#
# fixed environment variables setup by the HPE CP lab administrator
#
controller_endpoint="hpecpgw1.hp.local:8080"
gateway_host="hpecpgw1.hp.local"
tenantname="K8sHackTenant"
k8sClusterId="9"  #this is the K8s Cluster Id provided by the HPE CP admisnistrator and assigned to your K8s tenant.
GrommetApp="my-app-denischoukroun.yaml" # the Grommet react based application
echo "your HPE Container Platform operation context is:" $username "on tenant" $tenantname 

your HPE Container Platform operation context is: student1 on tenant K8sHackTenant


#### Authenticate as a tenant user in the specified tenant:

> Note:  When you see a [*] next to the next action it means your execution step is busy working within the notebook.

In [2]:
sessionlocation=$(curl -k -i -s --request POST "https://${controller_endpoint}/api/v2/session" \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "'"$username"'",
"password": "'"$password"'",
"tenant_name": "'"$tenantname"'"
}' | grep Location | awk '{print $2}' | tr -d '\r') #we remove any cr that might exist
echo "This is your session location: " $sessionlocation
SessionId=$(echo $sessionlocation | cut -d'/' -f 5) # extract sessionId for later, for logout
echo "This is your session_Id:" $SessionId

This is your session location:  /api/v2/session/424b718a-fd34-4c72-abbc-15157d523d06
This is your session_Id: 424b718a-fd34-4c72-abbc-15157d523d06


#### Get the Kubeconfig file for your tenant working context:
The next step in deploying a containerized application in Kubernetes clusters managed by the HPE Container Platform is to get the kubeconfig file for your tenant working context. 

The HPE CP REST API call below allows you to get the **kubeconfig file** used to access the Kubernetes cluster for your tenant user account based on your assigned role (tenant member) with the same result as if you had downloaded it from the HPE CP UI.

In [3]:
curl -k -s --request GET "https://${controller_endpoint}/api/v2/k8skubeconfig" \
--header "X-BDS-SESSION: $sessionlocation" \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' > ${YourName}_kubeconfig

In [4]:
cat ${YourName}_kubeconfig

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://hpecpgw1.hp.local:9500
  name: k8scluster1
contexts:
- context:
    cluster: k8scluster1
    user: HPECP-student1
    namespace: k8shacktenant
  name: k8scluster1-K8sHackTenant-student1
current-context: k8scluster1-K8sHackTenant-student1
kind: Config
preferences: {}
users:
- name: HPECP-student1
  user:
    exec:
      command: kubectl
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - hpecp
      - authenticate
      - hpecpgw1.hp.local:8080
      - --hpecp-user=student1
      - --hpecp-token=/api/v2/session/424b718a-fd34-4c72-abbc-15157d523d06
      - --hpecp-token-expiry=1595781667
      - --force-reauth=false
      - --insecure-skip-tls-verify=true


> Notice the kubeconfig file includes the valid token (session location) for the current session you previously established.

#### Define the Kubeconfig file as a shell environment variable:
The kubectl command-line tool (a K8s API client) uses kubeconfig file to communicate with the Kube API server of a Kubernetes cluster. By default, kubectl looks for a file named **config** in the $HOME/.kube directory. Because our kubeconfig file is not located in a default location, we must specify the path of the kubeconfig file by setting the KUBECONFIG environment variable:

In [5]:
#define the Kubeconfig file as a shell environment variable to tell kubectl where to look for the kubeconfig file
export KUBECONFIG="${YourName}_kubeconfig"
echo $KUBECONFIG

denischoukroun_kubeconfig


#### Check your working tenant context:

In [6]:
kubectl config current-context

k8scluster1-K8sHackTenant-student1


You can now send Kubernetes API requests using a K8s API client such as **kubectl** to deploy enterprise workloads to the kubernetes cluster using the privileges assigned to your tenant role. 


**Let's see this in action!**

# Challenges

In [7]:
# kubectl run -i -t --image=didierlalli/myfirstgrommetapp grommet-${YourName} --port=3000 --restart=Never

> Note: The first time an application type is created in the Kubernetes cluster, it may take some minutes to reach its "running" state, as the relevant Docker image must be downloaded and imported in a Kubernetes worker host.

> Note:  You can ignore the message "If you don't see a command prompt, try pressing enter. Error attaching, falling back to logs: pods "your pod name" is forbidden. User cannot create resource "pods/attach" in API group in the namespace "k8shacktenant".

**If you run the kubectl run command from the Launcher terminal, Press Control-C to go to the command prompt.**  

**If you run the kubectl from the Jupyter Notebook, stop execution of the cell code by using "Interrupt the Kernel" button at the top of your Notebook.**

In [8]:
#kubectl get pods -l run=grommet-${YourName}

In [9]:
#kubectl get pods -l run=grommet-${YourName} -o yaml

In [10]:
#kubectl delete pod -l run=grommet-${YourName}

### Deploying your app using your YAML manifest file

As you are all sharing the same tenant context and Kubernetes cluster resources, let's make sure your application deployment name will be unique among the tenant users. Here we replace the string "example" with your Name.

In [11]:
#sed -i "s/example/${YourName}/g" $GrommetApp
cat $GrommetApp

apiVersion: apps/v1
kind: Deployment
metadata:
  name: grommet-denischoukroun
spec:
  selector:
    matchLabels:
      run: grommet-denischoukroun
  replicas: 1
  template:
    metadata:
      labels:
        run: grommet-denischoukroun
    spec:
      containers:
        - name: grommet-app-denischoukroun
          image: didierlalli/myfirstgrommetapp
          ports:
            - containerPort: 3000
              protocol: TCP
          stdin: true
          tty: true 
---
apiVersion: v1
kind: Service
metadata:
  name: grommet-service-denischoukroun
spec:
  selector:
    run: grommet-denischoukroun
  ports:
  - name: http-grommetapp
    protocol: TCP
    port: 3000
    targetPort: 3000
  type: NodePort


In [12]:
kubectl apply -f my-app-denischoukroun.yaml

deployment.apps/grommet-denischoukroun created
service/grommet-service-denischoukroun created


### Get the Kubernetes Pod status for your deployed application:

In [15]:
kubectl get pods -l run=grommet-${YourName}

NAME                                      READY   STATUS    RESTARTS   AGE
grommet-denischoukroun-6f7ddbbbc9-v4wz7   1/1     Running   0          119s


> Note: The first time an application type is created in the Kubernetes cluster, it may take some minutes to reach its "running" state, as the relevant Docker image must be downloaded and imported in a Kubernetes worker host.

### Get the gateway mapped service endpoint:
HPE Container Platform automatically maps the **NodePort Service** endpoint to the HPE Container Platform gateway (proxy) host.
Access to application services running in containers is proxied via the gateway host on a publicly-accessible IP address and a port number greater than 10000.

In [14]:
kubectl describe service/grommet-service-${YourName}

Name:                     grommet-service-denischoukroun
Namespace:                k8shacktenant
Labels:                   hpecp.hpe.com/hpecp-internal-gateway=true
Annotations:              hpecp-internal-gateway/3000: hpecpgw1.hp.local:10003
Selector:                 run=grommet-denischoukroun
Type:                     NodePort
IP:                       10.96.64.182
Port:                     http-grommetapp  3000/TCP
TargetPort:               3000/TCP
NodePort:                 http-grommetapp  30043/TCP
Endpoints:                10.192.2.9:3000
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason  Age   From         Message
  ----    ------  ----  ----         -------
  Normal  HpeCp   15s   hpecp-agent  Created HPECP K8S service


### Check to see if your application is responding:

In [16]:
curl -k -i https://hpecpgw1.hp.local:10003

HTTP/1.1 200 OK
X-Powered-By: Express
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 1798
ETag: W/"706-0DU2eHkPbGbTCKpkJ6ai23p6VYE"
Vary: Accept-Encoding
Date: Sat, 25 Jul 2020 16:43:59 GMT

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <link rel="icon" href="/favicon.ico" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <meta name="theme-color" content="#000000" />
    <meta
      name="description"
      content="Web site created using create-react-app"
    />
    <link rel="apple-touch-icon" href="/logo192.png" />
    <!--
      manifest.json provides metadata used when your web app is installed on a
      user's mobile device or desktop. See https://developers.google.com/web/fundamentals/web-app-manifest/
    -->
    <link rel="manifest" href="/manifest.json" />
    <!--
      Notice the use of  in the tags above.
      It will be replaced with the URL of the `public` folder during the build.

### Connect to your application from your browser

Once your front-end app is running and is respondign to your cURL command above, you can connect to your front-end application from your browser from the Internet.

Open a new tab in your browser and connect to the application service endpoint through our Internet NAT firewall: https://notebooks2.hpedev.io:YourRemappedPortNumber where port number is the re-mapped port you get for your service endpoint. 

# Go through some cleanup:

### Delete your application deployment and artifacts:

In [17]:
#kubectl delete -f Grommet-app-v2.yaml

Although sessions have a time to live (TTL) of 24 hours, it is a best practice in REST API programming to cleanup and delete those sessions when done. 

In [18]:
curl -k -i -s --request DELETE "https://${controller_endpoint}/api/v2/session/${SessionId}" \
--header "X-BDS-SESSION: $sessionlocation" \
--header 'Accept: application/json' \
--header 'Content-Type: application/json'

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Content-Length: 0
Content-Type: text/plain
Date: Sat, 25 Jul 2020 16:44:44 GMT
Server: BlueData EPIC 5.0



The status *204 No Content* means the session object has been deleted.

* Finally, reset your applications YAML files and delete the kubeconfig file

In [19]:
#reset the application deployment name in the YAML file and delete the kubeconfgi file
rm ${YourName}_kubeconfig
#sed -i "s/${YourName}/example/g" $GrommetApp
#cat $GrommetApp