Introduction
In the middle of March I had my first interview for a DevOps Engineer job for the time after my studies. During the interview process I was given a task to demonstrate my Kubernetes skills. Basically, the task was to create a Docker image for a NodeJS app and then deploy it to a Kubernetes cluster. I had about 8 hours to complete the task. Below, I will go into detail about each of the tasks I was given. However, I will not formulate the task 1:1, but paraphrase what should be done in the task. Nevertheless, with this article I will try to give a feeling for how a practical task is structured in a DevOps job interview.
For information: I used a MacBook Pro with M1 chip for the following tasks. Why I mention this will become clear in a moment.
The NodeJS app I was supposed to roll out was built on puppeteer, which is a library for using a headless Chrome or Chromium browser. To create the Dockerfile I followed the documentation of puppeteer. This shows that Chrome can be downloaded directly via apt
package management using the URL http://dl.google.com/linux/chrome/deb/
. After I found out that Chrome does not currently provide an arm64
build, I used an amd64
Docker image of Node. However, this did not lead to the desired goal either. Finally, I downloaded and installed Chrome directly via wget
. This led to a successfully built container image, but shortly after starting the container it threw Chrome errors and was not usable. After 2 1/2 hours I contacted the company to see if it was okay to use a simple NodeJS app for the remaining tasks, so I could at least solve the remaining tasks (there were still 5 tasks ahead of me).
At the end of the 3 articles is a link to the GitHub repository with all the files that can be used to deploy the following app in Kubernetes.
The rather unspectacular NodeJS app looks like this:
const express = require('express');
// Constants
const PORT = 3000;
const HOST = '0.0.0.0';
// App
const app = express();
app.get('/', (req, res) => {
res.send('Hello World');
});
app.get('/health', (req, res) => {
res.sendStatus(200);
});
app.listen(PORT, HOST, () => {
console.log(`Running on http://${HOST}:${PORT}`);
});
The Dockerfile
There was still a requirement to create a Dockerfile
for the NodeJS. The following Dockerfile
is not 1:1 the same one I used during the task. I extended it by some best practices afterwards. It is important to make sure that the user running the program in the container is not root
. For this the node
images provide the node
user. This can be set up by adding the line USER node
just before the app is launched.
Another security for the container, but also for the user of the images, is to set a specific node
image. This way you can ensure at any time that the dependencies you find are the ones you tested with.
This is done by using the SHA
code of the respective image e.g. FROM node:14@sha256:00e90d6cbb499653cd2c74a3770f4fa5982699145b113e422bdffe31a7905117
for an arm64
build of node in version 14.
The same is true for the apt-get update
command before installing new dependencies in a container. Since the sources can change, it is otherwise not possible to ensure that there are no problems when building new containers. Thus, it is better to test directly with a new build of the base image. More best practices for Docker images can be found at Docker Security Best Practices from the Dockerfile or Docker Security - OWASP Cheat Sheet Series.
The next part will be about setting up a Kubernetes Cluster and deploying the NodeJS app in the cluster.
Thank you for reading,
Niklas
The code from this post can also be found on GitHub: niklasmtj/kubernetes-exercise.
Additionally, I created an arm64
as well as an amd64
docker image for niklasmtj/exercise-app:v1
. So the example app should be usable on other devices as well.
The series:
- Part 1
- Part 2 - coming April 22
- Part 3 - coming April 29
Top comments (2)
Thanks for sharing, I found it very helpful. Looking forward to the next articles!
Thank you for reading! Nice to hear that you found it helpful. I hope the next parts will be helpful for you too!