Lab09

Vagrantfile

@@ -1,6 +1,6 @@
 Vagrant.configure("2") do |config|
   config.vm.box = "ubuntu/jammy64"
-  config.vm.hostname = "lab05"
+  config.vm.hostname = "lab09"
 
   # Disable project folder sharing inside the VM.
   # This avoids common Windows path issues (spaces, Cyrillic characters)
@@ -15,11 +15,13 @@ Vagrant.configure("2") do |config|
   config.vm.network "forwarded_port", guest: 3100, host: 3100, host_ip: "0.0.0.0", id: "loki", auto_correct: true
   config.vm.network "forwarded_port", guest: 9080, host: 9080, host_ip: "0.0.0.0", id: "promtail", auto_correct: true
   config.vm.network "forwarded_port", guest: 9090, host: 9090, host_ip: "0.0.0.0", id: "prometheus", auto_correct: true
+  config.vm.network "forwarded_port", guest: 30080, host: 30080, host_ip: "0.0.0.0", id: "k8s-app1", auto_correct: true
+  config.vm.network "forwarded_port", guest: 30081, host: 30081, host_ip: "0.0.0.0", id: "k8s-app2", auto_correct: true
 
   config.ssh.insert_key = true
 
   config.vm.provider "virtualbox" do |vb|
-    vb.name = "lab07-monitoring"
+    vb.name = "lab09"
     vb.memory = 3072
     vb.cpus = 2
   end

app_python/Dockerfile

@@ -1,4 +1,3 @@
-
 # Production-oriented image for a small Flask app.
 # Pin a specific Python version for reproducible builds.
 FROM python:3.13.1-slim
@@ -9,9 +8,9 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
 
 WORKDIR /app
 
-# Create a dedicated non-root user (mandatory best practice).
-RUN addgroup --system app \
-    && adduser --system --ingroup app --no-create-home app
+# Create a dedicated non-root user with numeric UID/GID.
+RUN addgroup --system --gid 10001 app \
+    && adduser --system --uid 10001 --ingroup app --no-create-home app
 
 # Install dependencies first to leverage Docker layer caching.
 COPY requirements.txt ./
@@ -20,8 +19,8 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy only the application code needed at runtime.
 COPY app.py ./
 
-# Drop privileges
-USER app
+# Drop privileges using a numeric user for Kubernetes runAsNonRoot validation.
+USER 10001:10001
 
 # Document the port (Flask defaults to 5000 in this repo)
 EXPOSE 5000

app_python/README.md

@@ -1,159 +1,168 @@
-# DevOps Info Service
-
-[![python-ci](https://github.com/dorley174/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg)](https://github.com/dorley174/DevOps-Core-Course/actions/workflows/python-ci.yml)
-
-## Overview
-DevOps Info Service is a production-ready starter web service for the DevOps course.  
-It reports service metadata, runtime details, and basic system information.
-
-The service exposes two endpoints:
-- `GET /` — service + system + runtime + request information
-- `GET /health` — health check endpoint (used later for Kubernetes probes)
-
-## Prerequisites
-- Python **3.11+**
-- `pip`
-- (Recommended) Virtual environment (`venv`)
-- **Windows:** Python Launcher `py` is recommended
-
-## Installation
-
-```bash
-python -m venv venv
-# Windows: .\venv\Scripts\activate
-# Linux/macOS: source venv/bin/activate
-
-pip install -r requirements.txt
-```
-
-## Running the Application
-
-### Default run (port 5000)
-> If `PORT` is not set, the application runs on **0.0.0.0:5000**.
-```bash
-python app.py
-```
-
-### Custom configuration
-
-**Linux/Mac:**
-```bash
-HOST=127.0.0.1 PORT=8080 DEBUG=True python app.py
-```
-
-**Windows (PowerShell):**
-```powershell
-$env:HOST="127.0.0.1"
-$env:PORT="8080"
-$env:DEBUG="True"
-python app.py
-```
-
-**Windows (CMD):**
-```bat
-set HOST=127.0.0.1
-set PORT=8080
-set DEBUG=True
-python app.py
-```
-
-## API Endpoints
-
-### `GET /`
-Returns service metadata, system information, runtime details, request info, and a list of available endpoints.
-
-Example:
-```bash
-curl http://127.0.0.1:5000/
-```
-
-### `GET /health`
-Returns a minimal health response for monitoring.
-
-Example (includes HTTP status):
-```bash
-curl -i http://127.0.0.1:5000/health
-```
-
-## Testing / Pretty Output
-
-### Pretty-printed JSON
-**Windows PowerShell tip:** use `curl.exe`.
-```bash
-curl -s http://127.0.0.1:5000/ | python -m json.tool
-```
-
-## Testing & Linting (LAB03)
-
-> Dev dependencies live in `requirements-dev.txt` (pytest, coverage, ruff).
-
-Install dev deps:
-```bash
-pip install -r requirements-dev.txt
-```
-
-Run linter:
-```bash
-ruff check .
-```
-
-Run tests + coverage:
-```bash
-pytest -q tests --cov=. --cov-report=term-missing
-```
-
-## CI/CD Secrets (GitHub Actions)
-
-In your GitHub repository:
-**Settings → Secrets and variables → Actions → New repository secret**
-
-Add:
-- `DOCKERHUB_USERNAME` — your Docker Hub username
-- `DOCKERHUB_TOKEN` — Docker Hub Access Token (Account Settings → Security)
-- `SNYK_TOKEN` — Snyk API token (Account settings → API token)
-
-## Configuration
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| HOST     | 0.0.0.0 | Bind address |
-| PORT     | 5000    | HTTP port |
-| DEBUG    | False   | Flask debug mode |
-
----
-
-## Docker
-
-> Examples below use placeholders like `<image>` and `<tag>`.
-
-### Build (local)
-
-```bash
-docker build -t <image>:<tag> .
-```
-
-### Run
-
-```bash
-docker run --rm -p 5000:5000 <image>:<tag>
-```
-
-(Optional: override env vars)
-
-```bash
-docker run --rm -p 5000:5000 -e PORT=5000 -e DEBUG=false <image>:<tag>
-```
-
-### Pull from Docker Hub
-
-```bash
-docker pull <dockerhub-username>/<repo>:<tag>
-docker run --rm -p 5000:5000 <dockerhub-username>/<repo>:<tag>
-```
-
-### Quick test
-
-```bash
-curl http://localhost:5000/health
-curl http://localhost:5000/
-```
+# DevOps Info Service
+
+[![python-ci](https://github.com/dorley174/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg)](https://github.com/dorley174/DevOps-Core-Course/actions/workflows/python-ci.yml)
+
+## Overview
+DevOps Info Service is a production-ready starter web service for the DevOps course.  
+It reports service metadata, runtime details, and basic system information.
+
+The service exposes two endpoints:
+- `GET /` — service + system + runtime + request information
+- `GET /health` — liveness health endpoint
+- `GET /ready` — readiness health endpoint for Kubernetes
+
+## Prerequisites
+- Python **3.11+**
+- `pip`
+- (Recommended) Virtual environment (`venv`)
+- **Windows:** Python Launcher `py` is recommended
+
+## Installation
+
+```bash
+python -m venv venv
+# Windows: .\venv\Scripts\activate
+# Linux/macOS: source venv/bin/activate
+
+pip install -r requirements.txt
+```
+
+## Running the Application
+
+### Default run (port 5000)
+> If `PORT` is not set, the application runs on **0.0.0.0:5000**.
+```bash
+python app.py
+```
+
+### Custom configuration
+
+**Linux/Mac:**
+```bash
+HOST=127.0.0.1 PORT=8080 DEBUG=True python app.py
+```
+
+**Windows (PowerShell):**
+```powershell
+$env:HOST="127.0.0.1"
+$env:PORT="8080"
+$env:DEBUG="True"
+python app.py
+```
+
+**Windows (CMD):**
+```bat
+set HOST=127.0.0.1
+set PORT=8080
+set DEBUG=True
+python app.py
+```
+
+## API Endpoints
+
+### `GET /`
+Returns service metadata, system information, runtime details, request info, and a list of available endpoints.
+
+Example:
+```bash
+curl http://127.0.0.1:5000/
+```
+
+### `GET /health`
+Returns a minimal liveness response for monitoring and Kubernetes liveness probes.
+
+Example (includes HTTP status):
+```bash
+curl -i http://127.0.0.1:5000/health
+```
+
+### `GET /ready`
+Returns readiness information for Kubernetes readiness probes.
+
+Example:
+```bash
+curl -i http://127.0.0.1:5000/ready
+```
+
+## Testing / Pretty Output
+
+### Pretty-printed JSON
+**Windows PowerShell tip:** use `curl.exe`.
+```bash
+curl -s http://127.0.0.1:5000/ | python -m json.tool
+```
+
+## Testing & Linting (LAB03)
+
+> Dev dependencies live in `requirements-dev.txt` (pytest, coverage, ruff).
+
+Install dev deps:
+```bash
+pip install -r requirements-dev.txt
+```
+
+Run linter:
+```bash
+ruff check .
+```
+
+Run tests + coverage:
+```bash
+pytest -q tests --cov=. --cov-report=term-missing
+```
+
+## CI/CD Secrets (GitHub Actions)
+
+In your GitHub repository:
+**Settings → Secrets and variables → Actions → New repository secret**
+
+Add:
+- `DOCKERHUB_USERNAME` — your Docker Hub username
+- `DOCKERHUB_TOKEN` — Docker Hub Access Token (Account Settings → Security)
+- `SNYK_TOKEN` — Snyk API token (Account settings → API token)
+
+## Configuration
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| HOST     | 0.0.0.0 | Bind address |
+| PORT     | 5000    | HTTP port |
+| DEBUG    | False   | Flask debug mode |
+
+---
+
+## Docker
+
+> Examples below use placeholders like `<image>` and `<tag>`.
+
+### Build (local)
+
+```bash
+docker build -t <image>:<tag> .
+```
+
+### Run
+
+```bash
+docker run --rm -p 5000:5000 <image>:<tag>
+```
+
+(Optional: override env vars)
+
+```bash
+docker run --rm -p 5000:5000 -e PORT=5000 -e DEBUG=false <image>:<tag>
+```
+
+### Pull from Docker Hub
+
+```bash
+docker pull <dockerhub-username>/<repo>:<tag>
+docker run --rm -p 5000:5000 <dockerhub-username>/<repo>:<tag>
+```
+
+### Quick test
+
+```bash
+curl http://localhost:5000/health
+curl http://localhost:5000/
+```