SECRET OF CSS

Running Flask API application on Openshift with Nginx as Reverse Proxy | Medium


Using Podman

1*TXolZfUJgo0oKriYY1FTLw
Photo by 愚木混株 cdd20 on Unsplash

In my previous article on running a Flask application with Nginx proxy on Podman, I explained how a Flask application served by gunicorn could be configured behind a Nginx reverse proxy server on Podman. We want to achieve the same results on Red Hat Openshift containers platform. Few changes will have to be made for this to work.

Containers on Openshift communicate via service. The Nginx reverse proxy will have to send traffic to the Flask application via its service name and port.

There are several ways to launch an application to Openshift. For this article, I have chosen to use a prebuilt container image where I will build the image locally, push it to quay.io repository, and point my new Openshift application to launch a container using that image.

To start with, here’s the application’s file structure:

First, let’s look at the Flask application Dockerfile. I have added an instruction to expose the application on port 8000.

For Nginx Dockerfile, we are using Redhat ubi9/nginx-120 base image, which is easily reconfigurable to run as a reverse proxy. There are parameters in the base image environment that we will use to add our custom Nginx configurations. The base image environment has the following entries:

The most important Nginx configuration is the server block which will define where the traffic will be forwarded.

So our Nginx reverse proxy application image will have the following Dockerfile instructions:

Build both images and push them to quay.io.

Log into the Openshift cluster using oc cli.

$ oc login -u <username> <openshift_api_url>
Password:

Create a project to be used for our application on Openshift.

$ oc new-project govtstructure

Because we are pulling images from quay.io, we have to authenticate Openshift to be able to pull images from the image registry. We will create a secret that contains the quay.io API access token and link the default service account to use the secret for authentication when pulling images.

$ oc create secret generic quayio --from-file \   .dockerconfigjon=${XDG_RUNTIME_DIR}/containers/auth.json \
--type kubernetes.io/dockerconfigjson
#link secret to default service account for pull
$ oc secrets link default quayio --for pull

We are ready to launch the applications. We start with the Flask application.

$ oc new-app --name govtapplication \
--image quay.io/wainaina3/govtapplication
#check all the services which have been launched
$ oc get all -l app=govtapplication
#Verify the application is running
$ oc get pods
NAME READY STATUS RESTARTS AGE
govtapplication-858ffb9777-nfgbg 1/1 Running 0 4m53s
#verify service is up and listening on port 8000
$ oc get svc
NAME TYPE CLUSTER-IP PORT(S) AGE
govtapplication ClusterIP 172.30.220.218 8000/TCP,8080/TCP 5m57s

The govtapplication is up and running. Next, we can create the Nginx reverse proxy application to serve our traffic.

#create nginx application with image from quay.io
$ oc new-app --name govtapplication \
--image quay.io/wainaina3/govtnginxproxy

Verify the Nginx container is running and listening on port 8181 as expected.

#Verify application is running as expected
$ oc get pods

All services are OK, and the pods run as expected. We will create a route by exposing the Nginx service and explicitly choose port 8181 so it can serve our Flask application traffic.

$ oc expose svc govtnginxproxy --port 8181

Voila! Our application can now be accessed from the Nginx route by just adding the following application routes:

#Get the route
$ oc get routes
#Access the application from the route. use the /sayhello or /getAllCounties(will require database connection) to test$ curl http://<route_url>/sayhello
{"greetings":"Hello there"}

You can find the application code on my GitHub repository.



News Credit

%d bloggers like this: