Kubernetes support #2

Merged
merged 76 commits into from Jun 28, 2021
bartversluijs (Owner) commented Jun 28, 2021

The first "official" Kubernetes support using a Helm chart.
It's "official" in the sense that I'm more confident in this Helm chart than the last one, because of its features and a better upgrade path in the future (provided that there aren't breaking changes in openBalena itself).

Keep in mind, this Kubernetes Helm chart is made with the added thought that you have knowledge about Kubernetes and Helm.

Attention
This version breaks with the old version of the Helm chart, but upgrading to the new one is advised.
I've tested the upgrade and it's doable, but you have to have some knowledge about Kubernetes.


What's new

  • There's a README especially for the openBalena Chart
  • It now uses the HAProxy Ingress Controller for the VPN as well as the HTTP routing, instead of HAProxy and NGINX. Only 1 Load Balancer will be used now instead of 2.
  • More configurable values per service, such as the image, labels, annotations, affinity, resources, nodeSelector, service labels, service annotations and service external IP, plus the storage and storage class
  • Ingresses are more configurable
  • Cert-manager isn't installed by default, as well as an issuer, which makes it more configurable to create TLS certificates
  • It's a standalone Helm Chart instead of an included 'k8s' script
  • The tunnel.<domain> is supported via an added Ingress TLS rule, which is proxied to HAProxy, which adds the TLS to the TCP service

Known issues

  • The chart depends on the HAProxy Ingress Chart v0.13, which is still in beta. The v0.13 is necessary because of new features, like better configurations per scope and new TCP services. Because of this, there may be some issues. I've seen that the HAProxy isn't always updated properly while doing multiple things at once. So if some routing fails, please restart the HAProxy pod first.

Breaking changes

  • The whole values.yaml is changed. This is because it now uses the same format as many Helm charts.
  • When upgrading the Helm chart if you've installed the previous one, Helm will give errors that many things can't be upgraded because you're not allowed to change them (such as statefulset values)

Upgrading
Upgrading is simple and hard at the same time. As I mentioned, a simple helm upgrade will not do the trick, because you have to change your values.yaml first, and after you've done that, you'll get errors from Helm itself.

I hoped I could come up with a better upgrade path, but openBalena isn't out of beta yet and the first Helm Chart isn't an official Helm Chart. I did the best I could, but making these breaking changes will improve upgrades later on.

So the upgrade path I chose was as follows:

  1. Create a new file called config/kubernetes.yaml
  2. Copy the contents of kubernetes/values.template.yaml and paste it in config/kubernetes.yaml
  3. Open your current values in config/k8s/settings.yaml
  4. Copy every string (like hostname, config.email etc) in the right variable of config/kubernetes.yaml. Every environment variable is added as a comment next to the variable's value in the old settings.yaml
  5. Back up all your data (and be absolutely sure you've done this and know how to access this data)
  6. Create a new Kubernetes cluster or install everything in a new namespace, but make sure there's no link to the old deployment
  7. Install the new Kubernetes Helm Chart with api.replicas set to 0 (because of migrations later on)
  8. Copy all the backed-up data to the new Helm deployment, or attach the old PVCs to the new deployments / StatefulSets
  9. Make sure everything looks good, set api.replicas to 1 or more and upgrade the Helm Chart
  10. Everything is good to go!

I've tested this approach with an openBalena cluster with more than 200 devices and all seems to go well!


Need help?
If you need help, please open a post on the Balena Forums - openBalena section or react in the Kubernetes for scaling topic
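
Steps 6 to 9 of the upgrade path above, as an added shell example that is not part of the PR or the project's own tooling. `api.replicas` and `config/kubernetes.yaml` come from the description; the release name, both namespaces and the chart directory `./kubernetes` are assumptions. By default it only prints the commands (`DRY_RUN=1`).

```shell
#!/bin/sh
# Added example: staged install for steps 6-9 of the upgrade path.
# Assumed names (not from the PR): release, namespaces, chart directory.
RELEASE="${RELEASE:-openbalena}"
OLD_NS="${OLD_NS:-openbalena-old}"
NEW_NS="${NEW_NS:-openbalena}"
CHART_DIR="${CHART_DIR:-./kubernetes}"       # assumed chart location
VALUES="${VALUES:-config/kubernetes.yaml}"   # file created in steps 1-4
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print only, 0 = execute

# Print the command; execute it only when DRY_RUN=0.
run() {
  echo "+ $*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Step 6: the new deployment must not share a namespace with the old one.
check_isolated() {
  [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Step 7: install with the API scaled to zero so no migrations run yet.
install_paused() {
  run helm install "$RELEASE" "$CHART_DIR" --namespace "$NEW_NS" \
    --create-namespace -f "$VALUES" --set api.replicas=0
}

# Step 9: once the data is restored (step 8), bring the API up.
start_api() {
  run helm upgrade "$RELEASE" "$CHART_DIR" --namespace "$NEW_NS" \
    -f "$VALUES" --set api.replicas="${1:-1}"
}

# Two separate phases, so step 8 (restore data / attach PVCs) happens between.
case "${1:-plan}" in
  install)
    check_isolated "$OLD_NS" "$NEW_NS" || {
      echo "refusing: old and new namespace must differ" >&2; exit 1; }
    install_paused ;;
  start)
    run kubectl --namespace "$NEW_NS" get pvc,statefulset
    start_api "${2:-1}" ;;
  *)
    DRY_RUN=1
    install_paused
    echo "# step 8: restore backups or attach the old PVCs here"
    start_api 1 ;;
esac
```

Run it with `install`, restore the data, then run it with `start`; set `DRY_RUN=0` to execute instead of print.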

Bart Versluijs added 30 commits June 12, 2020 22:27
Bart Versluijs and others added 27 commits June 14, 2021 23:00
Update open-balena-api from 0.119.5 to 0.139.0
Update open-balena-registry from 2.16.0 to 2.16.1
Update open-balena-vpn from 9.17.4 to 9.17.11

Change-type: minor
minor: Update API, registry and VPN services
It's used in the docker-compose version of openBalena, so we'll use it too
By doing this, the VPN will register itself to the openBalena API using its local Cluster IP of the pod. When running multiple VPN services, it'll forward the request to the right VPN pod using the local Kubernetes network
With PROXY protocol enabled, setting environment variables and releases aren't being pushed directly to devices. When it's not used, every change and/or release is directly pushed to the devices
@bartversluijs bartversluijs merged commit 1f97250 into master Jun 28, 2021
@bartversluijs bartversluijs deleted the kubernetes-support branch January 10, 2022 17:11