Run mission-critical applications on Kubernetes | DevOps Tool of the Month (3)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video we're going to talk about a tool that makes working with kubernetes for developers extremely easy called shipa so first we're going to see what problems shipa solves when working with kubernetes we will then see how shippa actually works and finally i will show you a demo where we will install shipa and seed in action let's say in our project we decided we will use kubernetes to run our application what usually happens in such cases is developers will start to learn kubernetes like kubernetes yaml configuration files kubernetes components such as services deployments etc and kubernetes is not that easy to just learn on the site so as a result developers take most of the time away from actually programming and instead spend it on learning kubernetes and trying to configure the application to run on kubernetes after the configuration they obviously need to test that everything works fine this means they need to deploy the application in a cluster so they need to learn cube ctl or set up a local mini cube cluster or learn how to deploy the yaml files from cicd pipeline again more stuff to learn that has nothing to do with actual programming and is just an overhead of introducing a new technology now what happens after developers have spent days of learning and trying out stuff they finally deploy their application but because they don't know kubernetes so well they may easily misconfigure stuff where the application may be running but long term will create some problems or maybe they deploy their application with security issues simply because they don't know the security best practices in kubernetes this could be related to external services access permissions storing credentials in kubernetes and so on on the other side we have kubernetes administrators these are platform admins who actually set up the kubernetes clusters so developers can use them so when developers start deploying their stuff in clusters using yaml files which are not properly configured or have security issues admins need to take care of cleaning up the mess or identifying such problems and fixing them and then showing developers how to configure it the next time or when developers get stuck or they need additional things in the cluster like monitoring logging they will ask the platform administrators for support so basically as you see developers having to learn and work with kubernetes directly is not a good idea in most of the projects it creates more effort for developers as well as platform administrators the solution is to abstract away the complexity of kubernetes from developers to have something that developers can just feed their code to and it will automatically create kubernetes components like services pods config maps but also do all of that with the configuration and security best practices of kubernetes and that's exactly what shipper does now how does shipa do all this first the kubernetes administrators will connect shipa to multiple kubernetes clusters which may be running on different platforms after which they will create and configure what's called shipa frameworks each framework can be configured with security rules permissions like who can deploy what in that framework and some other configuration to automatically create kubernetes components when the application gets deployed so now developers can simply push their code changes without worrying about any kubernetes related configurations then cicd pipeline will build the code and deliver it to one of the shipa frameworks and ship a framework which is already pre-configured by the admins with all the appropriate settings and rules will check the permissions do security scan assign resources to the application and automatically create all the needed kubernetes components in the cluster so overall this means that instead of platform administrators needing to support developers who are struggling with kubernetes while also making sure the developers don't accidentally mess up the cluster now the admins have all the control and overview of the clusters and how they want to configure it while also freeing the developers from this struggle of working with kubernetes directly so both developers and administrators can now do their jobs more efficiently as a result in the demo we will see two main parts first we will see platform administrator tasks so we will install shipa connect kubernetes cluster to shipa and configure that cluster with different settings using a framework second we will deploy an application into the pre-configured cluster as a developer so let's start with the first step which is creating lk cluster on my lynode account i'm just going to create a cluster select the region nearest to you let's get the latest kubernetes version two of these nodes here and create so our cluster is running so now we can connect to our cluster using this cubeconfig file so i'm gonna download it and once downloaded we're gonna set the cubeconfig and now we can access the cluster which is empty for now so now we're gonna install shipa into our cluster using shipper helm charts the first thing we're going to do is create a namespace a separate namespace where we're going to deploy shipa so let's do that and let's call it shipa system and now we can deploy chart into that namespace for that we have to first add a repository where the chart is so this adds the home repository and now from the repository we can install the chart this is the chart name and as you know when we install helm charts we can override some of the values in the chart right using a values.yaml file and we're gonna need to override just two values which are gonna be username and password so we're gonna need that values.yaml file first so right here i'm going to create values.yaml file right here we have actually the example of how to set this and as you see we have auth and then we have admin user admin password and obviously we can set the values here ourselves this is going to be an email address i'm going to put mine here password super secret and save so we have the values file which we can now use to install the chart so going back to the documentation i'm going to copy this helm install command and let's see that so helm install this is the name that we are giving to our chart installation so we can call it shipa we can leave it at that and this is the name of the shipa chart from this repository so in this install command we're gonna pass that values yaml file as a parameter so it will overwrite this admin user and admin password values now we're gonna need two more options to set here in install command so first one is going to be namespace because we want to install the chart into the shipa system namespace so that's one and the second one is a timeout which is important because the installation of ship actually takes quite some time so we're gonna increase the timeout of this helm command so it just waits longer for the installation to complete so we're gonna set timeout here and it usually takes around 15 to 20 minutes so let's do 20 to be sure and now we can execute this command and wait until shipper gets installed so ship a chart installed successfully you see some output here for kind of the next steps that you can take first of all we see that a default user was configured with the username and password that we provided using this values.yml file so that's what we're going to be using to log into shipa now you can check in the shepa system namespace a lot of pods and services were created and one of the applications is the shipa ui and we can access it using the dashboard web service and since it's an internal service we're going to do port forwarding on that service to access it from localhost shipa system namespace service and the port now on this address we can access the shipper ui and as you see we have the login page and this is where we use the email address and password for the default user that got created and we're just going to click next fill out the form you get the activation code for the email and activate and this is shipper dashboard where you have a nice overview of all the shipper components and clusters that chip manages so now as a kubernetes administrator i can actually use the dashboard to manage the clusters to create teams and users and to give them access to certain clusters but also configure frameworks or set of rules for the clusters which as i mentioned earlier is the way to give the kubernetes administrators control over how the clusters are configured and what rules to apply when the developers deploy their applications in the cluster so with the default user you actually have admin privileges so with this user i could actually now create users and teams and give them permissions to deploy to the clusters create frameworks so in our case let's say as an admin i create a developer user and shipa dev team then i'll have to add the user to the team and give them permissions to deploy applications into the cluster currently we can't do that from the shipper dashboard so we will use a cheaper command line tool and installing cheaper cli is actually pretty simple we just have to execute this one command successfully install so now if i do cheaper i should see that cheaper is working we have the version and the list of commands so in order to be able to use the shipper command we have to connect shipper client to the shipper installation so we're going to add what's called shipa target and the target is going to be the address of the shipper public load balancer so right here if i do cubectl getservice you see we have a list of services here and one of them is a load balancer type which means it is actually a publicly available endpoint and in lynode we can see it's a node balancer this one right here so that's basically the endpoint of shipa so i'm going to copy that ip address and right here we can execute shipa target add and the name of the target we can call it cheaper again the ip address that i just copied and with minus s we are basically saying set these as a current target so if i execute this it says new target shipa now that we have shipper target set and cheaper cli pointing to that shipper target we're gonna log into shipa just like we did on the dashboard so comment for that is shipa login and this is the email address or the username in this case forshipa and then the same password and now we can actually do anything in chipa using this user because this user has all the privileges so in order to see that i can actually do user list which is one of the commands and this will show me all the users in that shipa installation to which we are connected now and this is the user i'm logged in with which has basically all the permissions and this is another user that has no permissions because we haven't assigned any now with shipa client we can create a developer role we can add permissions to the developer role and then assign the role to the user and add the developer user to the shipa dev team and you can see all these commands in the shipper documentation which i will link in the description as an admin i will now create framework component for development cluster to configure which security settings and access rules will be applied when applications get deployed into that cluster and note that framework will apply to a specific namespace and not the whole cluster this way you can apply different rules to different name spaces in the same cluster now we have a framework but we have to assign that framework to a cluster and let's say our development cluster is running on eks so we'll have to connect that eks cluster to shipa so that we can apply shipper framework on it and this is a common use case because you use shipa to manage multiple clusters from different platforms i already have an eks cluster running so to connect that we'll have to create a user in that kubernetes cluster and then give shipa credentials of that user to connect to the cluster again i will link all the steps for that in the description so now as an admin we have created a developer user with permissions to deploy their applications to the cluster we have added an eks cluster to shipa and we have applied a framework to that eks cluster which means that now developers in this team can actually start deploying their applications to the development cluster so how will developers actually do that also using shipa command line interface from their local machine developer would set the cheaper target and log into shipper with its user credentials and using shipperclient they can deploy applications in a kubernetes development cluster managed by shipa so in shipa developers can actually deploy applications in three different ways first of all if developers are testing their code changes they can deploy the source code to the kubernetes cluster directly from their local machine using shipa second they can deploy a docker image into the cluster also from their local machine or the third way they can deploy from a cicd pipeline which is going to be the most common use case generally when deploying applications so in this case developers would just push their code changes triggers the icd pipeline which then will build the application image and execute shipper commands to deploy that image into the cluster so in any of these three cases the deployment does not require any kubernetes specific knowledge or a bunch of kubernetes yaml files we basically just give shipa the image or source code and shipper will then take care of creating all the necessary kubernetes components for that application and in our example now we're gonna deploy an application from an image and we're going to use a public nginx image from docker hub just to show you a simple demo so basically deployment is going to be in two steps we're going to create a shipa application which is going to be listed here and then we're going to deploy that application so shipa app create we're going to give our application a name just like here we have a dashboard as an application name let's call it my app and then we're going to have the team because team has access and permission to deploy and create applications and then we have the framework and we're going to use development framework so basically we're saying create my app definition for team shipa dev team using framework development and shipper knows how that framework is configured to which cluster it applies etc so it will do all that in background so if i execute this this will create my app and now if we go back to the dashboard you see that we have my app here and the status is idle and that means that the application definition just created but no components were created yet so now as a second step we're going to deploy the application so the pods will actually start and to deploy the application we're going to use shipa app deploy command and then we're going to provide the name of the application that we created here and we want to deploy it from nginx image and for that we're going to do dash i for image and nginx so i'm going to execute this and shipper will start pulling nginx and deploying it into the kubernetes cluster and going back you see that the status is now running and we have one unit so if i go inside we have an endpoint as well which got generated just for this application and if we click inside there you go we have welcome to nginx page so that's how you can deploy applications in shipa and for every application that you create and deploy you have some metrics here for application as well as the shipper units which kind of maps to kubernetes pods you can use the lifecycle tag to actually roll back the images so if we deployed another version of our application image then you would have the list right here and then you can choose one of the previous images to roll back to now just note here all that i demoed in this video is actually a free version of shipa so you can just install it and try it out for free in the pro version though they actually have a couple of really cool additional features so for example for each application you get network policies so these are the network rules for incoming so for ingress and for outgoing traffic and you can configure this for every application in a very specific way so from which services you allow traffic on which port etc you also have the security scans which is a really useful security feature so basically you get automatic scans for your applications and then you see an overview of any vulnerabilities that the security scan detected in your applications and you also have something called integration so with this you can actually configure whenever something happens to your application something happens in your setup you can actually send automatic notifications to one of those services and another cool thing that you have in the pro version is an application map so here you have a nice graph of how different components kind of interact with each other and you also have the network map for incoming connections to your clusters and for outgoing connections now let me know in the comments what you think about shipa and with that thank you for watching and see you in the next video

Info

Channel: TechWorld with Nana

Views: 29,276

Rating: undefined out of 5

Keywords: kubernetes, shipa, kubernetes for developers, shipa.io, techworld with nana, cloud-native, k8s for developers, kubernetes application management, kubernetes developer portal, devops, devops tool, cloudnative, kubernetes application framework

Id: _f8QfKx4rws

Channel Id: undefined

Length: 21min 4sec (1264 seconds)

Published: Fri Mar 26 2021