Brandon Konkle
Brandon Konkle

Principal Engineer, type system nerd, Rust enthusiast, supporter of social justice, loving husband & father, avid comic & manga reader, 日本語を勉強してる。

I’m a Software Architect with more than 15 years of experience creating high performance server and front-end applications targeting web and mobile platforms, & today I lead a team at Formidable Labs.

Share


Tags


Charting a Course in Kubernetes with Helm

Easily bootstrap modern containerized deployments on any provider

Devops is a rapidly evolving space. The ways we deploy apps and services today look very different than they did 10 years ago. I’m a full-stack developer that often crosses over into deployment, and I’ve seen the ecosystem supporting production applications dramatically shift over a very short period of time. The dust is finally beginning to settle around Docker and containerized architectures, and rich tools are growing around this new solution.

While tools like docker-compose are great for bootstrapping groups of resources, they don’t do a lot to help you manage them after they are running. A new generation of “IT orchestration” tools are springing up around container-based architectures to help make them easier to manage and maintain. My favorite of these so far is Kubernetes.

Google created Kubernetes to facilitate a major shift in the way they think about their deployments. Typically we build architectures around the hosts that support our applications. With Kubernetes, Google wanted to make it possible to take a container-centric view, abstracting away the actual nodes as much as possible.

Container-centric

What does this mean? You focus your efforts on the container formation itself, rather than spending a lot of time configuring the virtual machines that host them. It manages a lot of common IT tasks for you— like auto-scaling, load balancing, securely storing and accessing secret keys, mounting persistent storage, service discovery, rolling no-downtime updates, monitoring, logging, and more! Kubernetes automatically balances workload across available VM nodes, and the construct of “Pods” allows you to co-locate resources that need to work closely together.

It’s a really powerful combination that makes a lot of progress towards combining the ease of a hosted platform like Heroku and the flexibility of more traditional cloud providers. In my opinion, however, the real power is in the portability of the platform. You can host it just about anywhere — from the ubiquitous AWS to your own physical rack servers. This guards against lock-in, allowing you to move to different hosting platforms as needed.

A helmsman to steer your ship

There’s still a big piece missing in the Kubernetes experience, however — bootstrapping deployments on your cluster. Setting up a Kubernetes deployment manually can be time consuming and error-prone. Thankfully, the folks at Deis created a great open-source bootstrapping tool called Helm, which allows you to describe your container formation using yaml and Go templates. It’s a little like “Chef for Kubernetes”, allowing you to configure your formation in a dynamic and repeatable way with templates.

The project is still early in development and is changing quickly. Deis maintains their original version of Helm, which they’ve now dubbed “Helm Classic”. The Kubernetes team maintains a new version that is rapidly evolving — but it’s already a great way to bootstrap your backend services in a very flexible, portable, and repeatable way. You create a values file with overridable variables, and then describe each resource you want to create dynamically using templates based on the values provided. This allows you to re-use and share your configurations, and override values files to customize them for different projects.

Charts to guide your way

Packages for Helm are called Charts. The official chart repository is just getting started, but as you’re building your own charts you can look at the Helm Classic charts repository for inspiration. I’ve started building up a chart repository for Ecliptic, and I’m hoping it will grow quickly and we can contribute charts to the official repository soon!

To get started writing a chart, create a new folder an start a Chart.yaml file. This is the package metadata for your chart.

name: node
version: 1.0.0
description: Chart for derivatives of the official Node images
keywords:
- node
- application
home: https://nodejs.org/en/
sources:
- https://github.com/kubernetes/charts
- https://github.com/docker-library/node
maintainers:
- name: Brandon Konkle
  email: brandon@ecliptic.io
engine: gotp

Next you’ll want to create a default values.yaml. This is a properties file that you can override on the command line, allowing you to customize the chart for each project.

imageName: "node"
imageTag: "boron"
cpu: 100m
memory: 256Mi
port: 3000
replicas: 1

Now you’re ready to define some resources!

Enlisting some help

The process of configuring resources is rather straightforward, but it can be extremely helpful to adopt some consistent practices across your cluster so that it’s easy to see what’s happening on your dashboard at a glance. In the official chart repository, the team uses some quick helpers to get consistent naming across their resources. These are written in Go template syntax, so if you’re not familiar you should definitely read up.

{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 24 -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
{{- end -}}

These helpers go in a templates folder in your chart, with the rest of your resource templates.

Constructing your vessel

Now you can define your resources. For my simple Node app, I’m using a Replication Controller that will keep a set amount of containers active running my app, which creates a “pod”.

apiVersion: v1
kind: ReplicationController
metadata:
  name: {{ template "fullname" . }}
  labels:
    app: {{ template "fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  replicas: {{ .Values.replicas }}
  selector:
    app: {{ template "fullname" . }}
  template:
    metadata:
      name: {{ template "fullname" . }}
      labels:
        app: {{ template "fullname" . }}
    spec:
      containers:
      - name: {{ template "fullname" . }}
        image: "{{ .Values.imageName }}:{{ .Values.imageTag }}"
        imagePullPolicy: Always
        resources:
          requests:
            cpu: "{{ .Values.cpu }}"
            memory: "{{ .Values.memory }}"
          limits:
            cpu: "{{ .Values.cpu }}"
            memory: "{{ .Values.memory }}"
        env:
          - name: PORT
            value: "{{ .Values.port }}"
        {{- range .Values.env }}
          - name: {{ .name }}
            value: {{ .value }}
        {{- end }}
        ports:
        - name: node
          containerPort: 3000
        readinessProbe:
          tcpSocket:
            port: 3000
          initialDelaySeconds: 30
          timeoutSeconds: 1
        livenessProbe:
          tcpSocket:
            port: 3000
          initialDelaySeconds: 30
          timeoutSeconds: 1
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
      {{- range .Values.imagePullSecrets }}
        - name: {{ .name }}
      {{- end }}
      {{- end -}}

Because the official Node container image is largely env-driven, I’ve made it very easy to customize environment variables using the values.yaml file. I’ve also made it possible to add a reference to an imagePullSecret so that I can pull a private image. The values imageName and imageTag allow me to point to my own derivative of the official Node image.

To route traffic to the pod, I use a Load Balancer service.

apiVersion: v1
kind: Service
metadata:
  name: {{ template "fullname" . }}
  labels:
    app: {{ template "fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  type: LoadBalancer
  ports:
  - name: node
    port: {{ .Values.port }}
    targetPort: node
  selector:
    app: {{ template "fullname" . }}

The targetPort points to the named port “node” on the target resource, which is the pod that my Replication Controller manages. This exposes that internal port to the value for “port” in my values.yaml file.

Launching your expedition

Now you’re ready to deploy a “release”, which is what Helm calls an active deployment. First, you need to set up Helm on your cluster, however. Helm needs to install a maintenance service called “Tiller” to execute deployments on your cluster. To install it, make sure you’re using the desired kubectl context and run:

$ helm init

If all is well, it should report that the Tiller was installed successfully. If not, check out the quickstart guide for more detail.

Now you can deploy! I use a simple naming convention for releases — the app name and a tag indicating the function of the release. For example,myproject-app and myproject-db would be the release names for my app deployment and database deployment, respectively.

$ helm install --name myproject-app .

This connects to your Kubernetes cluster and begins spinning up your container formation. Awesome!

If you need to deploy an update to your app, you simply push an updated Docker image and then execute a rolling update. This tells the replication controller to execute a zero-downtime deploy by updating your containers one-by-one and not killing old ones until the new ones are ready.

$ kubectl rolling-update myproject-app-node

The resource name has “-node” appended because the helpers we created above use the chart name.

Happy sailing!

Helm is just beginning, and it’s still rough around the edges at the moment. With that in mind, however, it can be an excellent companion if you’re trying to achieve reusable, composable builds for your Kubernetes-based projects.

Let me know what your experience with Helm is, or if you have a favorite alternative!

I’m a Software Architect with more than 15 years of experience creating high performance server and front-end applications targeting web and mobile platforms, & today I lead a team at Formidable Labs.

View Comments