You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org

Deployment pipeline/Migration/Tutorial

From Wikitech-static
Jump to navigation Jump to search

Migrating a service to Kubernetes

A Guide With Examples From HelloWorldOid

TL;DR:

  1. Create .pipeline/blubber.yaml
  2. Generate dockerfile using Blubber
  3. Create and test docker image
  4. Create .pipeline/config.yaml
  5. Update integration/config to run the pipeline you created for testing and publishing your service
  6. Create helm deployment chart
  7. Test in minikube (Try local-charts if you want to test integrations with other services/apps or do more development!)
  8. Run benchmarks and update deployment chart
  9. Talk to SRE about deployment to production

Set Up

We’re going to migrate your service to Kubernetes! If you have any questions, contact the Release Engineering team.

Pre-requirements:

Clone the Repositories:

Creating a Docker Image

Services running in production need a docker image generated and pushed to the wikimedia docker registry during CI. You'll need a .pipeline/blubber.yaml file like the one in the helloworldoid repository:

blubber.yaml:

version: v4
base: docker-registry.wikimedia.org/nodejs-slim
runs:
  environment:
    HELLO_WORLD: Hi, I’d like to add you to my professional network on LinkedIn.

variants:
  build:
    base: docker-registry.wikimedia.org/nodejs-devel
    copies: [local]
    node: { requirements: [package.json] }
  test:
    includes: [build]
    entrypoint: [npm, test]
  prep:
    includes: [build]
    node: { env: production }
  production:
    copies: [prep]
    entrypoint: [node, index.js]

blubber.yaml tells the blubber service what operating system, packages, libraries, and files are needed in your docker image. We need a docker image to deploy to Kubernetes because services in Kubernetes must be in a container. The blubber service will output a dockerfile that can be used to create your docker image. More detailed tutorials can be found here: Blubber/Tutorial


1. Create your blubber.yaml file.

2. Use the blubberoid service to create your dockerfile from the blubber configuration! Switch to the root directory of your repo.

$ curl -s "https://blubberoid.wikimedia.org/v1/production" \ 
                -H 'content-type: application/yaml' \
                --data-binary @".pipeline/blubber.yaml" > Dockerfile

3. Build the docker image:

$ cat Dockerfile | docker build -t <imagetag> -f - .

4. Test the docker image. For helloworldoid we don't need to supply any payload:

$ docker run -d -p 8001:8001 <imagetag>
$ curl localhost:8001

helloworldoid's response:

__________________________________________________________________________________________________________________________
/  ('-. .-.   ('-.                                             (`\ .-') /`             _  .-')            _ .-') _  ,---.  \
| ( OO )  / _(  OO)                                             `.( OO ),'            ( \( -O )          ( (  OO) ) |   |  |
| ,--. ,--.(,------.,--.      ,--.      .-'),-----.          ,--./  .--.   .-'),-----. ,------.  ,--.     \     .'_ |   |  |
| |  | |  | |  .---'|  |.-')  |  |.-') ( OO'  .-.  '         |      |  |  ( OO'  .-.  '|   /`. ' |  |.-') ,`'--..._)|   |  |
| |   .|  | |  |    |  | OO ) |  | OO )/   |  | |  |         |  |   |  |, /   |  | |  ||  /  | | |  | OO )|  |  \  '|   |  |
| |       |(|  '--. |  |`-' | |  |`-' |\_) |  |\|  |         |  |.'.|  |_)\_) |  |\|  ||  |_.' | |  |`-' ||  |   ' ||  .'  |
| |  .-.  | |  .--'(|  '---.'(|  '---.'  \ |  | |  |         |         |    \ |  | |  ||  .  '.'(|  '---.'|  |   / :`--'   |
| |  | |  | |  `---.|      |  |      |    `'  '-'  '.-.      |   ,'.   |     `'  '-'  '|  |\  \  |      | |  '--'  /.--.   |
| `--' `--' `------'`------'  `------'      `-----' ',/      '--'   '--'       `-----' `--' '--' `------' `-------' '--'   |
\ Hi, I’d like to add you to my professional network on LinkedIn.                                                          /
 --------------------------------------------------------------------------------------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||--WWW |
                ||     ||

5. Clean up:

$ docker ps
$ docker stop <container id>
$ docker rm <container id>

6. Commit your code and create a patchset. It will be needed in future steps.

Publishing Docker Images

It's great that our docker image runs, but we should take advantage of the continuous integration pipeline to build our images and publish them to a public repository so that others can use them too!

1. Switch over to the your repo's .pipeline folder. Create a config.yaml file like the one in helloworldoid:

config.yaml

pipelines:
  test:
    blubberfile: blubber.yaml
    stages:
      - name: run-test
        build: test
        run: true
  publish:
    blubberfile: blubber.yaml
    stages:
      - name: production
        build: production
        publish:
          image:
            tags: [stable]

config.yaml describes what actions need to happen in the continuous integration pipeline and what to publish, for example, tests and lint need to run before publishing a docker image. More detailed tutorials can be found in PipelineLib/Tutorial


2. Commit your config.yaml code and create a patchset.

3. Switch to the integration/config repo.

4. Edit jjb/project-pipelines.yaml:

project-pipelines.yaml

Create or edit pipelines and define jobs for your project, based on what you defined in your config.yaml. For example, helloworldoid has a test and a publish pipeline:

- project:
    # blubber-doc/examples/helloworldoid
    name: helloworldoid
    pipeline:
      - test
      - publish
    jobs:
      # trigger-helloworldoid-pipeline-test
      # trigger-helloworldoid-pipeline-publish
      - 'trigger-{name}-pipeline-{pipeline}'
      # helloworldoid-pipeline-test
      # helloworldoid-pipeline-publish
      - '{name}-pipeline-{pipeline}'

- project:
    name: blubber
    pipeline:
      - test
      - rehearse
      - publish
    jobs:
      # trigger-blubber-pipeline-test
      # trigger-blubber-pipeline-rehearse
      # trigger-blubber-pipeline-publish
      - 'trigger-{name}-pipeline-{pipeline}'

5. Edit zuul/layout.yaml:

layout.yaml

Create or edit your repo's publish pipeline in the list of projects. Assign the trigger jobs defined in project-pipelines.yaml to the appropriate CI steps:

# Register the Gerrit project name, apply them pipelines that in turn trigger
# a set of jobs.
projects:
#### Continuous integration and other developer services #######

  - name: blubber
    test:
      - trigger-blubber-pipeline-test
      - debian-glue
    gate-and-submit:
      - trigger-blubber-pipeline-rehearse
      - debian-glue
    postmerge:
      - trigger-blubber-pipeline-publish

  - name: blubber-doc/example/helloworldoid
    test:
      - trigger-helloworldoid-pipeline-test
    gate-and-submit:
    # all test jobs must have a gate and submit pipeline defined
      - noop
    postmerge:
      - trigger-helloworldoid-pipeline-publish

6. Commit your changes and create a patchset.

Congratulations! After these changes are merged and deployed, your images will be published to docker-registry.wikimedia.org under the wikimedia namespace! The images in the registry can be seen here: https://docker-registry.wikimedia.org/

You can check here for more information about configuring CI: PipelineLib/Guides/How to configure CI for your project

Our docker image has been built, but we still need a way to run it in Kubernetes.

Creating a Helm Chart

We use Helm charts to configure our Kubernetes deployments.

1. Switch to the deployment-charts repo.

2. Use the create_new_service.sh script to create our initial chart. Use the docker image from the wikimedia docker registry:

20:48:06 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/deployment-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ ./create_new_service.sh
/usr/local/bin/envsubst
/usr/bin/awk
Please input the name of the service
helloworldoid
Please input the port the application is listening on
8001
Please input the docker image to use:
wikimedia/blubber-doc-example-helloworldoid
~/projects/deployment-charts/charts/helloworldoid/templates ~/projects/deployment-charts
~/projects/deployment-charts
~/projects/deployment-charts/charts/helloworldoid/templates ~/projects/deployment-charts
~/projects/deployment-charts
You can edit your chart (if needed!) at /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid

3. Edit the files created by the script with specific configuration for our service. Let's take a look:

charts/helloworldoid/values.yaml

In the values.yaml for helloworldoid, I've edited two things - I've changed the default image tag to "stable", which is the tag my images are published with as defined in helloworldoid's blubber.yaml. I've also added the HELLO_WORLD environment variable, which helloworldoid expects to exist, as configurable:

# Default values for helloworldoid.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
helm_scaffold_version: 0.1 # This can be useful when backporting fixes.
docker:
  registry: docker-registry.wikimedia.org
  pull_policy: IfNotPresent
resources:
  replicas: 1
main_app:
  image: wikimedia/blubber-doc-example-helloworldoid
  version: stable # we use latest everywhere in the defaults.
  port: 8001 # port exposed as a Service, also used by service-checker.
  # Use command and args below to override the entrypoint. Type is arrays
  # Not necessary unless you want to change the entrypoint defined in the docker image
  # Example:
  # command: ["node"]
  # args: ["bin/server.js", "--param1", "arg1"]
  command: []
service:
  deployment: minikube # valid values are "production" and "minikube"
  port:
    name: http # a unique name of lowercase alphanumeric characters or "-", starting and ending with alphanumeric, max length 63
    # protocol: TCP # TCP is the default protocol
    targetPort: 8001 # the number or name of the exposed port on the container
    port: 8001 # the number of the port desired to be exposed to the cluster
    nodePort: null # you need to define this if "production" is used. In minikube environments let it autoallocate
config:
  public: # Add here all the keys that can be publicly available as a ConfigMap
    HELLO_WORLD: Hi, I’d like to add you to my professional network on LinkedIn.
  private: {} # Add here all the keys that should be private but still available as env variables

Testing the Helm Chart

We can use helm commands to apply the chart and deploy our app to Minikube, but for this example, let's test that our chart works using the local-charts environment. If you want to test your app with other apps that have been migrated to Kubernetes, it might be easy to test it with local-charts. Add your new deployment-chart to local-charts:

1. In the local-charts repo, update helm/requirements.yaml, using the path to your deployment-charts chart as the repository:

helm/requirements.yaml

dependencies:
  - name: mariadb
    version: 6.x.x
    repository: "https://kubernetes-charts.storage.googleapis.com/"
    condition: global.enabled.mariadb
  - name: mediawiki-dev
    alias: mediawiki
    version: 0.0.6
    repository: "https://releases.wikimedia.org/charts/"
    condition: global.enabled.mediawiki
  - name: parsoid
    version: 0.0.3
    repository: "https://releases.wikimedia.org/charts/"
    condition: global.enabled.parsoid
  - name: restrouter
    version: 0.1.0
    repository: "file://restrouter"
    condition: global.enabled.restrouter
  - name: helloworldoid
    version: 0.0.1
    repository: "file://../../deployment-charts/charts/helloworldoid"
    condition: global.enabled.helloworldoid

values.example.yaml

2. Enable your service in values.yaml, and for testing purposes, disable any undesired services:

# Default values for localdev.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  restbaseNodePort: &restbaseNodePort 31327
  dbPassword: &dbPassword "password"
  dbName: &dbName "my_wiki"

  enabled:
    mariadb: false
    mediawiki: false
    parsoid: false
    restrouter: false
    helloworldoid: true

3. Try running your service in Kubernetes: From the root of the local-charts repo, type make deploy values=values.example.yaml in the terminal to deploy to Minikube.

20:00:32 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ make deploy values=values.example.yaml
helm dependency update ./helm
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "wikimedia" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 6 charts
Downloading mariadb from repo https://kubernetes-charts.storage.googleapis.com/
Downloading mediawiki-dev from repo https://releases.wikimedia.org/charts/
Downloading parsoid from repo https://releases.wikimedia.org/charts/
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.2/_helpers.tpl
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_tls_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.1/_tls_helpers.tpl
Downloading blubberoid from repo https://releases.wikimedia.org/charts/
Deleting outdated charts
helm install "default" -f values.example.yaml --set mediawiki.main_app.xdebug.remoteHost=192.168.64.1 ./helm
NAME: default
LAST DEPLOYED: Mon Jun 15 20:00:45 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
Run 'minikube ip' and 'kubectl get svc' to see what ip/port your app is running on

4. now we can attempt a request to our running service:

 20:01:16 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ minikube ip
192.168.64.18

 20:06:15 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ kubectl get svc
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
helloworldoid-default   NodePort    10.97.107.149   <none>        8001:32130/TCP   5m42s
kubernetes              ClusterIP   10.96.0.1       <none>        443/TCP          7h16m

 20:06:29 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ curl 192.168.64.18:32130
 __________________________________________________________________________________________________________________________
/  ('-. .-.   ('-.                                             (`\ .-') /`             _  .-')            _ .-') _  ,---.  \
| ( OO )  / _(  OO)                                             `.( OO ),'            ( \( -O )          ( (  OO) ) |   |  |
| ,--. ,--.(,------.,--.      ,--.      .-'),-----.          ,--./  .--.   .-'),-----. ,------.  ,--.     \     .'_ |   |  |
| |  | |  | |  .---'|  |.-')  |  |.-') ( OO'  .-.  '         |      |  |  ( OO'  .-.  '|   /`. ' |  |.-') ,`'--..._)|   |  |
| |   .|  | |  |    |  | OO ) |  | OO )/   |  | |  |         |  |   |  |, /   |  | |  ||  /  | | |  | OO )|  |  \  '|   |  |
| |       |(|  '--. |  |`-' | |  |`-' |\_) |  |\|  |         |  |.'.|  |_)\_) |  |\|  ||  |_.' | |  |`-' ||  |   ' ||  .'  |
| |  .-.  | |  .--'(|  '---.'(|  '---.'  \ |  | |  |         |         |    \ |  | |  ||  .  '.'(|  '---.'|  |   / :`--'   |
| |  | |  | |  `---.|      |  |      |    `'  '-'  '.-.      |   ,'.   |     `'  '-'  '|  |\  \  |      | |  '--'  /.--.   |
| `--' `--' `------'`------'  `------'      `-----' ',/      '--'   '--'       `-----' `--' '--' `------' `-------' '--'   |
\ Hi, I’d like to add you to my professional network on LinkedIn.                                                          /
 --------------------------------------------------------------------------------------------------------------------------
   \
    \
     \
               _____
           .:´.: .: . : :. `  、
     ..: /.: .: .: . : .: .:   \
    .::/:::       ノ   /、         \
   ..:/.: ::.:|_/::|:/  \:__|:  .\
 .:: :::: :::/|/`ヽ|/    '\:ト、:  .
 .:::|.:: ::/:ィf于ミ     .ィ≠ミ、V: :. .
..:::|.:::ノ::{{:::}       {:::}}{: |\|
..:::::::_::|::うニソ       う:ソV: |
.::: /.:/ |:|:ヽヽ       `      }: |
.:::/イ:{  |:|:    / ̄ ̄ ァ      ノ  :|
 ..::|.ゝ,ヽ|:   /      /     /:::八
 .:::V:::::>:._ヽ、 ./__ .イ:ハ:/
  ..::\|\:斗:ーrヘ`ア又<V|/
   ..::::/⌒: :|:VV{ヽ:\
      .:/.: :|::l::ヘ}/\|:}:.\
    ..::「.: :|::>:V//|〈:.}.}
  ...::/.:: :|::\: V/| / :}:.┐
 ...::/.::::rー::::\:V|/〈::::.ヽ
..:::/.::::イ::::::: \ Y::ヽ:::::.\ %

Whoops, I forgot to add helloworldoid's configurables our values.example.yaml. I'll change it and run make update values=values.example.yaml to update our deployment.

# Default values for localdev.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  restbaseNodePort: &restbaseNodePort 31327
  dbPassword: &dbPassword "password"
  dbName: &dbName "my_wiki"

  enabled:
    mariadb: false
    mediawiki: false
    parsoid: false
    restrouter: false
    helloworldoid: true

helloworldoid:
  config:
    public:
      HELLO_WORLD: "Hi, welcome to local-charts!"
 20:58:51 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ make update values=values.example.yaml
helm dependency update ./helm
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "wikimedia" chart repository
Update Complete. ⎈Happy Helming!⎈
Saving 6 charts
Downloading mariadb from repo https://kubernetes-charts.storage.googleapis.com/
Downloading mediawiki-dev from repo https://releases.wikimedia.org/charts/
Downloading parsoid from repo https://releases.wikimedia.org/charts/
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.2/_helpers.tpl
walk.go:74: found symbolic link in path: /Users/jhuneidi/projects/deployment-charts/charts/helloworldoid/templates/_tls_helpers.tpl resolves to /Users/jhuneidi/projects/deployment-charts/common_templates/0.1/_tls_helpers.tpl
Downloading blubberoid from repo https://releases.wikimedia.org/charts/
Deleting outdated charts
helm upgrade "default" -f values.example.yaml --set mediawiki.main_app.xdebug.remoteHost=192.168.64.1 ./helm
Release "default" has been upgraded. Happy Helming!
NAME: default
LAST DEPLOYED: Mon Jun 15 21:00:43 2020
NAMESPACE: default
STATUS: deployed
REVISION: 2

 21:01:58 > jhuneidi@Jeenas-MacBook-Pro > ~/projects/local-charts > ⬡ v6.11.0 > go 1.14 > master ✘ ✹ ✭ > ⎈ minikube: >
$ curl 192.168.64.18:32130
 __________________________________________________________________________________________________________________________
/  ('-. .-.   ('-.                                             (`\ .-') /`             _  .-')            _ .-') _  ,---.  \
| ( OO )  / _(  OO)                                             `.( OO ),'            ( \( -O )          ( (  OO) ) |   |  |
| ,--. ,--.(,------.,--.      ,--.      .-'),-----.          ,--./  .--.   .-'),-----. ,------.  ,--.     \     .'_ |   |  |
| |  | |  | |  .---'|  |.-')  |  |.-') ( OO'  .-.  '         |      |  |  ( OO'  .-.  '|   /`. ' |  |.-') ,`'--..._)|   |  |
| |   .|  | |  |    |  | OO ) |  | OO )/   |  | |  |         |  |   |  |, /   |  | |  ||  /  | | |  | OO )|  |  \  '|   |  |
| |       |(|  '--. |  |`-' | |  |`-' |\_) |  |\|  |         |  |.'.|  |_)\_) |  |\|  ||  |_.' | |  |`-' ||  |   ' ||  .'  |
| |  .-.  | |  .--'(|  '---.'(|  '---.'  \ |  | |  |         |         |    \ |  | |  ||  .  '.'(|  '---.'|  |   / :`--'   |
| |  | |  | |  `---.|      |  |      |    `'  '-'  '.-.      |   ,'.   |     `'  '-'  '|  |\  \  |      | |  '--'  /.--.   |
| `--' `--' `------'`------'  `------'      `-----' ',/      '--'   '--'       `-----' `--' '--' `------' `-------' '--'   |
\ Hi, welcome to local-charts!                                                                                             /
 --------------------------------------------------------------------------------------------------------------------------
   \
    \
         ____ _______
      ィ''  @ :. ,! ,, , , ̄ ̄ ¨` ‐-            __
       \    ノ   i            ’ ’’ ’’、_;:`:‐.-_-‐ニ==彳
         ` <. _  .ー 、                       !三  <
                 `¨  ‐= . ____.. ニ=-‐‐`'´`ミ、   三>
                                                  ̄ ̄%

5. Make sure to commit your changes in the deployment-charts repo and create a patchset. If you've added a new service to local-charts, why not also commit those changes and create a patchset for review?

Getting Deployed to Production

We have a deployment chart. What does it take to get our app deployed to production?

Running Benchmarks

Now that we know our service runs in Kubernetes, we can run benchmarks to determine how many resources it needs. This is required for deployment to production.

1. Follow this tutorial to benchmark: User:Alexandros Kosiaris/Benchmarking kubernetes apps

2. Update the deployment-charts chart with the values discovered during the benchmark tests and push a patchset for review.


Finally, contact the serviceops team.