Deployment pipeline/Migration/Tutorial
Migrating a service to Kubernetes
A Guide With Examples From HelloWorldOid
TL;DR:
- Create
.pipeline/blubber.yaml - Generate dockerfile using Blubber
- Create and test docker image
- Create
.pipeline/config.yaml - Update integration/config to run the pipeline you created for testing and publishing your service
- Create helm deployment chart
- Test in minikube (Try local-charts if you want to test integrations with other services/apps or do more development!)
- Run benchmarks and update deployment chart
- Talk to SRE about deployment to production
Set Up
We’re going to migrate your service to Kubernetes! If you have any questions, contact the Release Engineering team.
Pre-requirements:
- Docker - https://www.docker.com/products/docker-desktop
- Minikube - https://kubernetes.io/docs/tasks/tools/install-minikube/ (you can try using the local-charts repo's installation script to install Minikube if you prefer)
- Helm - https://helm.sh/docs/intro/install/ (the local-charts installation script will also attempt to install helm)
Clone the Repositories:
- HelloWorldoid (Our example service)-
git clone ssh://gerrit.wikimedia.org:29418/blubber-doc/example/helloworldoid - integration/config -
git clone ssh://gerrit.wikimedia.org:29418/integration/config - deployment-charts -
git clone ssh://gerrit.wikimedia.org:29418/operations/deployment-charts - local-charts (optional for testing integrations and developing) -
git clone ssh://gerrit.wikimedia.org:29418/releng/local-charts
Creating a Docker Image
Services running in production need a docker image generated and pushed to the wikimedia docker registry during CI. You'll need a .pipeline/blubber.yaml file like the one in the helloworldoid repository:
blubber.yaml:
version: v4
base: docker-registry.wikimedia.org/nodejs-slim
runs:
environment:
HELLO_WORLD: Hi, I’d like to add you to my professional network on LinkedIn.
variants:
build:
base: docker-registry.wikimedia.org/nodejs-devel
copies: [local]
node: { requirements: [package.json] }
test:
includes: [build]
entrypoint: [npm, test]
prep:
includes: [build]
node: { env: production }
production:
copies: [prep]
entrypoint: [node, index.js]
blubber.yaml tells the blubber service what operating system, packages, libraries, and files are needed in your docker image. We need a docker image to deploy to Kubernetes because services in Kubernetes must be in a container. The blubber service will output a dockerfile that can be used to create your docker image. More detailed tutorials can be found here: Blubber/Tutorial
1. Create your blubber.yaml file.
2. Use the blubberoid service to create your dockerfile from the blubber configuration! Switch to the root directory of your repo.
$ curl -s "https://blubberoid.wikimedia.org/v1/production" \
-H 'content-type: application/yaml' \
--data-binary @".pipeline/blubber.yaml" > Dockerfile
3. Build the docker image:
$ cat Dockerfile | docker build -t <imagetag> -f - .
4. Test the docker image. For helloworldoid we don't need to supply any payload:
$ docker run -d -p 8001:8001 <imagetag>
$ curl localhost:8001
helloworldoid's response:
__________________________________________________________________________________________________________________________
/ ('-. .-. ('-. (`\ .-') /` _ .-') _ .-') _ ,---. \
| ( OO ) / _( OO) `.( OO ),' ( \( -O ) ( ( OO) ) | | |
| ,--. ,--.(,------.,--. ,--. .-'),-----. ,--./ .--. .-'),-----. ,------. ,--. \ .'_ | | |
| | | | | | .---'| |.-') | |.-') ( OO' .-. ' | | | ( OO' .-. '| /`. ' | |.-') ,`'--..._)| | |
| | .| | | | | | OO ) | | OO )/ | | | | | | | |, / | | | || / | | | | OO )| | \ '| | |
| | |(| '--. | |`-' | | |`-' |\_) | |\| | | |.'.| |_)\_) | |\| || |_.' | | |`-' || | ' || .' |
| | .-. | | .--'(| '---.'(| '---.' \ | | | | | | \ | | | || . '.'(| '---.'| | / :`--' |
| | | | | | `---.| | | | `' '-' '.-. | ,'. | `' '-' '| |\ \ | | | '--' /.--. |
| `--' `--' `------'`------' `------' `-----' ',/ '--' '--' `-----' `--' '--' `------' `-------' '--' |
\ Hi, I’d like to add you to my professional network on LinkedIn. /
--------------------------------------------------------------------------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||--WWW |
|| ||
5. Clean up:
$ docker ps
$ docker stop <container id>
$ docker rm <container id>
6. Commit your code and create a patchset. It will be needed in future steps.
Publishing Docker Images
It's great that our docker image runs, but we should take advantage of the continuous integration pipeline to build our images and publish them to a public repository so that others can use them too!
1. Switch over to the your repo's .pipeline folder. Create a config.yaml file like the one in helloworldoid:
config.yaml
pipelines:
test:
blubberfile: blubber.yaml
stages:
- name: run-test
build: test
run: true
publish:
blubberfile: blubber.yaml
stages:
- name: production
build: production
publish:
image:
tags: [stable]
config.yaml describes what actions need to happen in the continuous integration pipeline and what to publish, for example, tests and lint need to run before publishing a docker image. More detailed tutorials can be found in PipelineLib/Tutorial
2. Commit your config.yaml code and create a patchset.
3. Switch to the integration/config repo.
4. Edit jjb/project-pipelines.yaml:
project-pipelines.yaml
Create or edit pipelines and define jobs for your project, based on what you defined in your config.yaml. For example, helloworldoid has a test and a publish pipeline:
- project:
# blubber-doc/examples/helloworldoid
name: helloworldoid
pipeline:
- test
- publish
jobs:
# trigger-helloworldoid-pipeline-test
# trigger-helloworldoid-pipeline-publish
- 'trigger-{name}-pipeline-{pipeline}'
# helloworldoid-pipeline-test
# helloworldoid-pipeline-publish
- '{name}-pipeline-{pipeline}'
- project:
name: blubber
pipeline:
- test
- rehearse
- publish
jobs:
# trigger-blubber-pipeline-test
# trigger-blubber-pipeline-rehearse
# trigger-blubber-pipeline-publish
- 'trigger-{name}-pipeline-{pipeline}'
5. Edit zuul/layout.yaml:
layout.yaml
Create or edit your repo's publish pipeline in the list of projects. Assign the trigger jobs defined in project-pipelines.yaml to the appropriate CI steps:
# Register the Gerrit project name, apply them pipelines that in turn trigger
# a set of jobs.
projects:
#### Continuous integration and other developer services #######
- name: blubber
test:
- trigger-blubber-pipeline-test
- debian-glue
gate-and-submit:
- trigger-blubber-pipeline-rehearse
- debian-glue
postmerge:
- trigger-blubber-pipeline-publish
- name: blubber-doc/example/helloworldoid
test:
- trigger-helloworldoid-pipeline-test
gate-and-submit:
# all test jobs must have a gate and submit pipeline defined
- noop
postmerge:
- trigger-helloworldoid-pipeline-publish
6. Commit your changes and create a patchset.
Congratulations! After these changes are merged and deployed, your images will be published to docker-registry.wikimedia.org under the wikimedia namespace! The images in the registry can be seen here: https://docker-registry.wikimedia.org/
You can check here for more information about configuring CI: PipelineLib/Guides/How to configure CI for your project
Our docker image has been built, but we still need a way to run it in Kubernetes.
Creating a Helm Chart
We use Helm charts to configure our Kubernetes deployments.
1. Switch to the deployment-charts repo.
2. Use the create_new_service.sh script to create our initial chart. Use the docker image from the wikimedia docker registry:
20:48:06 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/deployment-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ ./create_new_service.sh
/usr/local/bin/envsubst
/usr/bin/awk
Please input the name of the service
helloworldoid
Please input the port the application is listening on
8001
Please input the docker image to use:
wikimedia/blubber-doc-example-helloworldoid
~/projects/deployment-charts/charts/helloworldoid/templates ~/projects/deployment-charts
~/projects/deployment-charts
~/projects/deployment-charts/charts/helloworldoid/templates ~/projects/deployment-charts
~/projects/deployment-charts
You can edit your chart (if needed!) at /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid
3. Edit the files created by the script with specific configuration for our service. Let's take a look:
charts/helloworldoid/values.yaml
In the values.yaml for helloworldoid, I've edited two things - I've changed the default image tag to "stable", which is the tag my images are published with as defined in helloworldoid's blubber.yaml. I've also added the HELLO_WORLD environment variable, which helloworldoid expects to exist, as configurable:
# Default values for helloworldoid.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
helm_scaffold_version: 0.1 # This can be useful when backporting fixes.
docker:
registry: docker-registry.wikimedia.org
pull_policy: IfNotPresent
resources:
replicas: 1
main_app:
image: wikimedia/blubber-doc-example-helloworldoid
version: stable # we use latest everywhere in the defaults.
port: 8001 # port exposed as a Service, also used by service-checker.
# Use command and args below to override the entrypoint. Type is arrays
# Not necessary unless you want to change the entrypoint defined in the docker image
# Example:
# command: ["node"]
# args: ["bin/server.js", "--param1", "arg1"]
command: []
service:
deployment: minikube # valid values are "production" and "minikube"
port:
name: http # a unique name of lowercase alphanumeric characters or "-", starting and ending with alphanumeric, max length 63
# protocol: TCP # TCP is the default protocol
targetPort: 8001 # the number or name of the exposed port on the container
port: 8001 # the number of the port desired to be exposed to the cluster
nodePort: null # you need to define this if "production" is used. In minikube environments let it autoallocate
config:
public: # Add here all the keys that can be publicly available as a ConfigMap
HELLO_WORLD: Hi, I’d like to add you to my professional network on LinkedIn.
private: {} # Add here all the keys that should be private but still available as env variables
Testing the Helm Chart
We can use helm commands to apply the chart and deploy our app to Minikube, but for this example, let's test that our chart works using the local-charts environment. If you want to test your app with other apps that have been migrated to Kubernetes, it might be easy to test it with local-charts. Add your new deployment-chart to local-charts:
1. In the local-charts repo, update helm/requirements.yaml, using the path to your deployment-charts chart as the repository:
helm/requirements.yaml
dependencies:
- name: mariadb
version: 6.x.x
repository: "https://kubernetes-charts.storage.googleapis.com/"
condition: global.enabled.mariadb
- name: mediawiki-dev
alias: mediawiki
version: 0.0.6
repository: "https://releases.wikimedia.org/charts/"
condition: global.enabled.mediawiki
- name: parsoid
version: 0.0.3
repository: "https://releases.wikimedia.org/charts/"
condition: global.enabled.parsoid
- name: restrouter
version: 0.1.0
repository: "file://restrouter"
condition: global.enabled.restrouter
- name: helloworldoid
version: 0.0.1
repository: "file://../../deployment-charts/charts/helloworldoid"
condition: global.enabled.helloworldoid
values.example.yaml
2. Enable your service in values.yaml, and for testing purposes, disable any undesired services:
# Default values for localdev.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
restbaseNodePort: &restbaseNodePort 31327
dbPassword: &dbPassword "password"
dbName: &dbName "my_wiki"
enabled:
mariadb: false
mediawiki: false
parsoid: false
restrouter: false
helloworldoid: true
3. Try running your service in Kubernetes:
From the root of the local-charts repo, type make deploy values=values.example.yaml in the terminal to deploy to Minikube.
20:00:32 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ make deploy values=values.example.yaml
helm dependency update ./helm
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "wikimedia" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 6 charts
Downloading mariadb from repo https://kubernetes-charts.storage.googleapis.com/
Downloading mediawiki-dev from repo https://releases.wikimedia.org/charts/
Downloading parsoid from repo https://releases.wikimedia.org/charts/
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.2/_helpers.tpl
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_tls_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.1/_tls_helpers.tpl
Downloading blubberoid from repo https://releases.wikimedia.org/charts/
Deleting outdated charts
helm install "default" -f values.example.yaml --set mediawiki.main_app.xdebug.remoteHost=192.168.64.1 ./helm
NAME: default
LAST DEPLOYED: Mon Jun 15 20:00:45 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
Run 'minikube ip' and 'kubectl get svc' to see what ip/port your app is running on
4. now we can attempt a request to our running service:
20:01:16 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ minikube ip
192.168.64.18
20:06:15 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
helloworldoid-default NodePort 10.97.107.149 <none> 8001:32130/TCP 5m42s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 7h16m
20:06:29 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ curl 192.168.64.18:32130
__________________________________________________________________________________________________________________________
/ ('-. .-. ('-. (`\ .-') /` _ .-') _ .-') _ ,---. \
| ( OO ) / _( OO) `.( OO ),' ( \( -O ) ( ( OO) ) | | |
| ,--. ,--.(,------.,--. ,--. .-'),-----. ,--./ .--. .-'),-----. ,------. ,--. \ .'_ | | |
| | | | | | .---'| |.-') | |.-') ( OO' .-. ' | | | ( OO' .-. '| /`. ' | |.-') ,`'--..._)| | |
| | .| | | | | | OO ) | | OO )/ | | | | | | | |, / | | | || / | | | | OO )| | \ '| | |
| | |(| '--. | |`-' | | |`-' |\_) | |\| | | |.'.| |_)\_) | |\| || |_.' | | |`-' || | ' || .' |
| | .-. | | .--'(| '---.'(| '---.' \ | | | | | | \ | | | || . '.'(| '---.'| | / :`--' |
| | | | | | `---.| | | | `' '-' '.-. | ,'. | `' '-' '| |\ \ | | | '--' /.--. |
| `--' `--' `------'`------' `------' `-----' ',/ '--' '--' `-----' `--' '--' `------' `-------' '--' |
\ Hi, I’d like to add you to my professional network on LinkedIn. /
--------------------------------------------------------------------------------------------------------------------------
\
\
\
_____
.:´.: .: . : :. ` 、
..: /.: .: .: . : .: .: \
.::/::: ノ /、 \
..:/.: ::.:|_/::|:/ \:__|: .\
.:: :::: :::/|/`ヽ|/ '\:ト、: .
.:::|.:: ::/:ィf于ミ .ィ≠ミ、V: :. .
..:::|.:::ノ::{{:::} {:::}}{: |\|
..:::::::_::|::うニソ う:ソV: |
.::: /.:/ |:|:ヽヽ ` }: |
.:::/イ:{ |:|: / ̄ ̄ ァ ノ :|
..::|.ゝ,ヽ|: / / /:::八
.:::V:::::>:._ヽ、 ./__ .イ:ハ:/
..::\|\:斗:ーrヘ`ア又<V|/
..::::/⌒: :|:VV{ヽ:\
.:/.: :|::l::ヘ}/\|:}:.\
..::「.: :|::>:V//|〈:.}.}
...::/.:: :|::\: V/| / :}:.┐
...::/.::::rー::::\:V|/〈::::.ヽ
..:::/.::::イ::::::: \ Y::ヽ:::::.\ %
Whoops, I forgot to add helloworldoid's configurables our values.example.yaml. I'll change it and run make update values=values.example.yaml to update our deployment.
# Default values for localdev.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
restbaseNodePort: &restbaseNodePort 31327
dbPassword: &dbPassword "password"
dbName: &dbName "my_wiki"
enabled:
mariadb: false
mediawiki: false
parsoid: false
restrouter: false
helloworldoid: true
helloworldoid:
config:
public:
HELLO_WORLD: "Hi, welcome to local-charts!"
20:58:51 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ make update values=values.example.yaml
helm dependency update ./helm
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "wikimedia" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 6 charts
Downloading mariadb from repo https://kubernetes-charts.storage.googleapis.com/
Downloading mediawiki-dev from repo https://releases.wikimedia.org/charts/
Downloading parsoid from repo https://releases.wikimedia.org/charts/
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.2/_helpers.tpl
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_tls_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.1/_tls_helpers.tpl
Downloading blubberoid from repo https://releases.wikimedia.org/charts/
Deleting outdated charts
helm upgrade "default" -f values.example.yaml --set mediawiki.main_app.xdebug.remoteHost=192.168.64.1 ./helm
Release "default" has been upgraded. Happy Helming!
NAME: default
LAST DEPLOYED: Mon Jun 15 21:00:43 2020
NAMESPACE: default
STATUS: deployed
REVISION: 2
21:01:58 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ curl 192.168.64.18:32130
__________________________________________________________________________________________________________________________
/ ('-. .-. ('-. (`\ .-') /` _ .-') _ .-') _ ,---. \
| ( OO ) / _( OO) `.( OO ),' ( \( -O ) ( ( OO) ) | | |
| ,--. ,--.(,------.,--. ,--. .-'),-----. ,--./ .--. .-'),-----. ,------. ,--. \ .'_ | | |
| | | | | | .---'| |.-') | |.-') ( OO' .-. ' | | | ( OO' .-. '| /`. ' | |.-') ,`'--..._)| | |
| | .| | | | | | OO ) | | OO )/ | | | | | | | |, / | | | || / | | | | OO )| | \ '| | |
| | |(| '--. | |`-' | | |`-' |\_) | |\| | | |.'.| |_)\_) | |\| || |_.' | | |`-' || | ' || .' |
| | .-. | | .--'(| '---.'(| '---.' \ | | | | | | \ | | | || . '.'(| '---.'| | / :`--' |
| | | | | | `---.| | | | `' '-' '.-. | ,'. | `' '-' '| |\ \ | | | '--' /.--. |
| `--' `--' `------'`------' `------' `-----' ',/ '--' '--' `-----' `--' '--' `------' `-------' '--' |
\ Hi, welcome to local-charts! /
--------------------------------------------------------------------------------------------------------------------------
\
\
____ _______
ィ'' @ :. ,! ,, , , ̄ ̄ ¨` ‐- __
\ ノ i ’ ’’ ’’、_;:`:‐.-_-‐ニ==彳
` <. _ .ー 、 !三 <
`¨ ‐= . ____.. ニ=-‐‐`'´`ミ、 三>
 ̄ ̄%
5. Make sure to commit your changes in the deployment-charts repo and create a patchset. If you've added a new service to local-charts, why not also commit those changes and create a patchset for review?
Getting Deployed to Production
We have a deployment chart. What does it take to get our app deployed to production?
Running Benchmarks
Now that we know our service runs in Kubernetes, we can run benchmarks to determine how many resources it needs. This is required for deployment to production.
1. Follow this tutorial to benchmark: User:Alexandros Kosiaris/Benchmarking kubernetes apps
2. Update the deployment-charts chart with the values discovered during the benchmark tests and push a patchset for review.
Finally, contact the serviceops team.