In this article we will show you how to set up the deployment of an example application (a cool voting app in our case) using werf. It is better to start with a short introduction first if you haven’t read it yet.
Prepare
You should have access to the Kubernetes cluster and be able to push images to your container registry. The container registry should also be accessible from the Kubernetes cluster to pull images.
If your Kubernetes and container registry are running already:
- Perform the standard docker login procedure into your container registry from your host.
- Make sure your Kubernetes cluster is accessible from your host (if the
kubectltool is already set up and running, thenwerfwill also work just fine).
Or use one of the following instructions to set up the local Kubernetes cluster and container registry in your OS:
- Install minikube.
- Install kubectl.
-
Start minikube:
minikube start --driver=docker --insecure-registry registry.example.com:80IMPORTANT Param
--insecure-registryallows usage of Container Registry without TLS. TLS in our case dropped for simplicity. -
Install NGINX Ingress Controller:
minikube addons enable ingress -
Install Container Registry to store images:
minikube addons enable registryCreate Ingress to access Container Registry.
@" --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: registry namespace: kube-system annotations: nginx.ingress.kubernetes.io/proxy-body-size: "0" spec: rules: - host: registry.example.com http: paths: - path: / pathType: Prefix backend: service: name: registry port: number: 80 "@ | kubectl apply -f - -
Allow usage of Container Registry without TLS for Docker:
Using menu Docker Desktop -> Settings -> Docker Engine add following configuration key:
{ "insecure-registries": ["registry.example.com:80"] }Restart Docker Desktop using right button menu of the tray Docker Desktop icon.
Then start minikube again:
minikube start --driver=docker --insecure-registry registry.example.com:80 -
Allow usage of Container Registry without TLS for werf:
Set
WERF_INSECURE_REGISTRY=1environment variable in the terminal where werf would run.For cmd.exe:
set WERF_INSECURE_REGISTRY=1For bash:
export WERF_INSECURE_REGISTRY=1For PowerShell:
$Env:WERF_INSECURE_REGISTRY = "1" -
We are going to use
vote.quickstart-application.example.comandresult.quickstart-application.example.comdomains to access application andregistry.example.comdomain to access Container Registry.Let’s update hosts file. Get minikube IP-address:
minikube ipUsing IP-address above append line to the end of the file
C:\Windows\System32\drivers\etc\hosts:<IP-address minikube> vote.quickstart-application.example.com result.quickstart-application.example.com registry.example.comShould look like:
192.168.99.99 vote.quickstart-application.example.com result.quickstart-application.example.com registry.example.com -
Let’s also add
registry.example.comdomain to the minikube node:minikube ssh -- "echo $(minikube ip) registry.example.com | sudo tee -a /etc/hosts"
- Install minikube.
- Install kubectl.
-
Start minikube:
minikube start --vm=true --insecure-registry registry.example.com:80IMPORTANT Param
--insecure-registryallows usage of Container Registry without TLS. TLS in our case dropped for simplicity. -
Install NGINX Ingress Controller:
minikube addons enable ingress -
Install Container Registry to store images:
minikube addons enable registryCreate Ingress to access Container Registry:
kubectl apply -f - << EOF --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: registry namespace: kube-system annotations: nginx.ingress.kubernetes.io/proxy-body-size: "0" spec: rules: - host: registry.example.com http: paths: - path: / pathType: Prefix backend: service: name: registry port: number: 80 EOF -
Allow usage of Container Registry without TLS for docker:
Using menu Docker Desktop -> Settings -> Docker Engine add following configuration key:
{ "insecure-registries": ["registry.example.com:80"] }Restart Docker Desktop using right button menu of the tray Docker Desktop icon.
Then start minikube again:
minikube start --vm=true --insecure-registry registry.example.com:80 -
Allow usage of Container Registry without TLS for werf:
Set
WERF_INSECURE_REGISTRY=1environment variable in the terminal where werf would run. For bash:export WERF_INSECURE_REGISTRY=1To set this option automatically in new bash-sessions, add it to the
.bashrc:echo export WERF_INSECURE_REGISTRY=1 | tee -a ~/.bashrc -
We are going to use
vote.quickstart-application.example.comandresult.quickstart-application.example.comdomains to access application andregistry.example.comdomain to access Container Registry.Let’s update hosts file. Run the following command in the terminal:
echo "$(minikube ip) vote.quickstart-application.example.com result.quickstart-application.example.com registry.example.com" | sudo tee -a /etc/hosts -
Let’s also add
registry.example.comdomain to the minikube node:minikube ssh -- "echo $(minikube ip) registry.example.com | sudo tee -a /etc/hosts"
-
Install minikube according to the instructions (completing its first section called “Installation” is sufficient).
-
Start minikube:
minikube start --driver=docker --insecure-registry registry.example.com:80IMPORTANT Param
--insecure-registryallows usage of Container Registry without TLS. TLS in our case dropped for simplicity. -
If you haven’t installed
kubectlyet, you can create an alias to usekubectlsupplied with minikube:alias kubectl="minikube kubectl --" echo 'alias kubectl="minikube kubectl --"' >> ~/.bash_aliases -
Install NGINX Ingress Controller:
minikube addons enable ingress -
Install Container Registry to store images:
minikube addons enable registryCreate Ingress to access Container Registry:
kubectl apply -f - << EOF --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: registry namespace: kube-system annotations: nginx.ingress.kubernetes.io/proxy-body-size: "0" spec: rules: - host: registry.example.com http: paths: - path: / pathType: Prefix backend: service: name: registry port: number: 80 EOF -
Allow usage of Container Registry without TLS for Docker:
Add new key to the file
/etc/docker/daemon.json(default location):{ "insecure-registries": ["registry.example.com:80"] }If there is no such file in the directory, you need to create it and insert the above lines into it. Note that you need the superuser (root) privileges to access and modify files in the
/etcdirectory.Restart Docker:
sudo systemctl restart dockerThen start minikube again:
minikube start --driver=docker --insecure-registry registry.example.com:80 -
Allow usage of Container Registry without TLS for werf:
Set
WERF_INSECURE_REGISTRY=1environment variable in the terminal where werf would run. For bash:export WERF_INSECURE_REGISTRY=1To set this option automatically in new bash-sessions, add it to the
.bashrc:echo export WERF_INSECURE_REGISTRY=1 | tee -a ~/.bashrc -
We are going to use
vote.quickstart-application.example.comandresult.quickstart-application.example.comdomains to access application andregistry.example.comdomain to access Container Registry.Let’s update hosts file. Make sure minikube is up and running:
echo "$(minikube ip)"If the result shows the IP address of the cluster, your cluster is up.
Run the following command in the terminal:
echo "$(minikube ip) vote.quickstart-application.example.com result.quickstart-application.example.com registry.example.com" | sudo tee -a /etc/hosts -
Let’s also add
registry.example.comdomain to the minikube node:minikube ssh -- "echo $(minikube ip) registry.example.com | sudo tee -a /etc/hosts"
Deploy an example application
-
Clone the example application’s repository:
git clone https://github.com/werf/quickstart-application cd quickstart-application -
Run the converge command using your container registry for storing images (
localhost:5000/quickstart-applicationrepository in the case of a local container registry).werf converge --repo registry.example.com:80/quickstart-application
NOTE: werf uses the same settings to connect to the Kubernetes cluster as the kubectl tool does: the ~/.kube/config file and the KUBECONFIG environment variable. werf also supports --kube-config and --kube-config-base64 parameters for specifying custom kubeconfig files.
Check the result
When the converge command is successfully completed, it is safe to assume that our application is up and running.
Our application is a basic voting system. Let’s check it!
-
Go to the following URL to vote: vote.quickstart-application.example.com
-
Go to the following URL to check the result of voting: result.quickstart-application.example.com
How it works
To deploy an application using werf, we should define the desired state in the Git (as set out in the How it works).
-
We have the following Dockerfiles in our repository:
vote/Dockerfile result/Dockerfile worker/Dockerfile -
The
werf.yamlfile references those Dockerfiles:configVersion: 1 project: quickstart-application --- image: vote dockerfile: Dockerfile context: vote --- image: result dockerfile: Dockerfile context: result --- image: worker dockerfile: Dockerfile context: worker -
Kubernetes templates for
vote,db,redis,resultandworkercomponents of the application are described in the files of a.helm/templates/directory. Components interact with each other as shown in the diagram:
- A front-end web app in Python or ASP.NET Core lets you vote for one of the two options;
- A Redis or NATS queue collects new votes;
- A .NET Core, Java or .NET Core 2.1 worker consumes votes and stores them in…
- A Postgres or TiDB database backed by a Docker volume;
- A Node.js or ASP.NET Core SignalR web-app shows the results of the voting in real-time.
