Kubetools
Kubetools is a tool and processes for developing and deploying microservices to Kubernetes. Say that:
- You have a bunch of repositories, each containing one or more microservices
- You want to deploy each of these microservices into one or more Kubernetes clusters
- You want a single configuration file per project (repository)
And you would like:
- Development setup should be near-instant - and not require specific K8s knowledge
- Deployment to production can be automated - and integrated with existing CI tooling
Kubetools provides the tooling required to achieve this, by way of two CLI tools:
ktd
: generates 100% local development environments using Docker/docker-composekubetools
: deploys projects to Kubernetes, handling any changes/jobs as required
Both of these use a single configuration file, kubetools.yml
, for example a basic django
app:
name: my-app
containerContexts:
django_app:
build:
registry: my-registry.net
dockerfile: Dockerfile
dev:
volumes:
- ./:/opt/django_app
upgrades:
- name: Upgrade database
containerContext: django_app
command: [./manage.py, migrate, --noinput]
tests:
- name: Nosetests
containerContext: django_app
command: [./manage.py, test]
deployments:
my-app-webserver:
annotations:
imageregistry: "https://hub.docker.com/"
labels:
app.kubernetes.io/name: my-app-webserver
serviceAccountName: webserver
secrets:
secret-volume:
mountPath: /mnt/secrets-store
secretProviderClass: webserver-secrets
containers:
uwsgi:
command: [uwsgi, --ini, /etc/uwsgi.conf]
containerContext: django_app
ports:
- 80
dev:
command: [./manage.py, runserver, '0.0.0.0:80']
dependencies:
mariadb:
containers:
mariadb:
image: mariadb:v10.4.1
cronjobs:
my-cronjob:
batch-api-version: 'batch/v1beta1'
schedule: "*/1 * * * *"
concurrency_policy: "Replace"
containers:
hello:
image: busybox
command: [/bin/sh, -c, date; echo Hello from the Kubernetes cluster]
With this in your current directory, you can now:
ktd up
kubetools deploy my-namespace
Installing
pip install kubetools
NOTE: Since Cython 3.0 was released, the installation of kubetools
dependencies will fail
due to compatibility issues between Cython 3 and PyYaml (see
this issue). This can be worked around for example
with pip
by using a "constraints" file containing cython<3
.
Configuration
Users can configure some aspects of kubetools
. The configuration folder location depends on the
operating system of the user. See the
Click documentation
to find the appropriate one for you. Note that we use the "POSIX" version (for example
~/.kubetools/
on Unix systems).
kubetools.conf
contains key-value settings, see settings.py
for the
possible settings and their meaning.scripts/
can contain scripts to be made available to ktd script
command
Developing
Install the package in editable mode, with the dev extras:
pip install -e .[dev]
Local deployment testing
For deployment testing, you will need a kubernetes cluster and a docker registry. You can get both
easily using minikube
:
minikube start --addons registry --insecure-registry ${MINIKUBE_IP}:5000
Then you can deploy to that environment:
kubetools --context minikube deploy --default-registry ${MINIKUBE_IP}:5000 default .
MINIKUBE_IP
value can vary depending on your local environment. The easiest way to get the correct
value is to start minikube once then reset it:
minikube start
MINIKUBE_IP=$(minikube ip)
minikube delete
...
Releasing (admins/maintainers only)
- Update CHANGELOG to add new version and document it
- In GitHub, create a new release
- Title the release
v<version>
(for example v1.2.3
) - Select to create a new tag
v<version>
against master
branch - Copy changes in the release from
CHANGELOG.md
into the release description - GitHub Actions will package the release and
publish it to Pypi
Mounting K8s Secrets
We assume that ServiceAccount
and SecretProviderClass
are already created (if needed), before deploying the project with kubetools.
Docker build args
kubetools
now supports passing values for ARG
parameters used in Dockerfiles, using
--build-args
. This has a couple of caveats though:
- it is NOT supported in
ktd
. A workaround for this is to use the default value of the ARG
instruction. - this doesn't affect the image tag pushed to the docker registry, which is based only on the git
commit hash. This means that these arguments cannot be used to generate multiple images from the
same Dockerfile. So their main usage should be to pass secrets that should not be recorded in the
git repository but are needed at build time, to access external resources for example.
- these values could be recorded in the docker image layer history. To prevent leaking secrets, you
should consider using multi-stage builds where the secrets are only used in a "builder" image.