Deploying Services¶

To deploy a service to a Kubernetes cluster, the Github repository needs to provide a Bash script that renders a Kubernetes manifest in YAML format to standard out. This file must be located in the folder deploy/ and named deploy.sh.

`deploy.sh`¶

The script should take the following environment variables into account when generating the manifest:

APP_REPO: e.g. crate/cloud-api

The repository of the service to deploy
APP_VERSION: e.g. master | branch | commit hash | 0.7.2

The service version to deploy
K8S_ENV: e.g. k8s-dev | k8s

The Kubernetes environment (dev or prod)
K8S_REGION: e.g. bregenz | westeurope | aks1.westeurope | eks1.eu-west-1 | …

The name of the Kubernetes region
K8S_PROVIDER: e.g. a1 | azure | aws

The Kubernetes provider
K8S_CONTEXT: $K8S_ENV.$K8S_REGION.$K8S_PROVIDER

The Kubernetes context which should also reflect the name of the .yaml files with values for the templated variables.

Usage¶

The script can then be invoked like so to deploy to a Kubernetes cluster:

$ export APP_REPO=crate/cloud-api
$ export APP_VERSION=2020.11.3
$ export K8S_ENV=k8s
$ export K8S_REGION=bregenz
$ export K8S_PROVIDER=a1
$ export K8S_CONTEXT=$K8S_ENV.$K8S_REGION.$K8S_PROVIDER
$ ./deploy.sh | kubectl --context $K8S_CONTEXT apply -f -

As a reference implementation of script, please look at the crate/cloud-api repository.

Jenkins¶

The deploy.sh shell script is invoked by a Jenkins job configured with the environment variables mentioned above.

Limitations¶

Since most deployments require some sort of credentials, the deploy scripts usually require access to Vault. However, access to Vault is restricted to sysadmins. The Jenkins jobs can be invoked by any developer, though.

Helm¶

In order to use Helm to deploy a service, a Helm Chart must be add to the service Github repo or into a dedicated GitHub repo.

Create a Chart¶

helm create my-project

Remove/add the templates and the values.

Deploy from local folder¶

helm install my-service chart/path

Deploy from repo¶

Add and configure the chart-releaser GitHub action in the GitHub repo in order to host the charts. The index.html is served by using GitHub Pages. Everytime the chart is modified (e.g. app version changed), a new release will be pushed. See Helm Chart Releaser for further details.

Import the repo and install the chart:

helm repo add crate-operator https://crate.github.io/crate-operator
helm install crate-operator crate-operator/crate-operator

Deployment in Jenkins¶

In order to be able to deploy each version of the code, we pull the GitHub repo and install/upgrade the Chart from the local folder. The values can be overwritten by applying one or many values file in order to have the good environment values with -f or with --set to change just one value.

helm upgrade crate-operator deploy/charts/crate-operator \
  -f crate_cloud/crate-operator/helm-values/common.yaml \
  -f crate_cloud/crate-operator/helm-values/\${K8S_CONTEXT}.yaml \
  --install \
  --atomic \
  --namespace "cloud-app" \
  --set image.tag="\${APP_VERSION}" \
  --set crate-operator-crds.enabled=false \
  --kube-context "\${K8S_CONTEXT}"