GitLocker: The Coding Marketplace

Description:

kubetools 13.14.1

Kubetools
Kubetools is a tool and processes for developing and deploying microservices to Kubernetes. Say that:

You have a bunch of repositories, each containing one or more microservices
You want to deploy each of these microservices into one or more Kubernetes clusters
You want a single configuration file per project (repository)

And you would like:

Development setup should be near-instant - and not require specific K8s knowledge
Deployment to production can be automated - and integrated with existing CI tooling

Kubetools provides the tooling required to achieve this, by way of two CLI tools:

ktd: generates 100% local development environments using Docker/docker-compose
kubetools: deploys projects to Kubernetes, handling any changes/jobs as required

Both of these use a single configuration file, kubetools.yml, for example a basic django app:
name: my-app

containerContexts:
django_app:
build:
registry: my-registry.net
dockerfile: Dockerfile
dev:
volumes:
- ./:/opt/django_app

upgrades:
- name: Upgrade database
containerContext: django_app
command: [./manage.py, migrate, --noinput]

tests:
- name: Nosetests
containerContext: django_app
command: [./manage.py, test]

deployments:
my-app-webserver:
annotations:
imageregistry: "https://hub.docker.com/"
labels:
app.kubernetes.io/name: my-app-webserver
serviceAccountName: webserver
secrets:
secret-volume:
mountPath: /mnt/secrets-store
secretProviderClass: webserver-secrets
containers:
uwsgi:
command: [uwsgi, --ini, /etc/uwsgi.conf]
containerContext: django_app
ports:
- 80
dev:
command: [./manage.py, runserver, '0.0.0.0:80']

dependencies:
mariadb:
containers:
mariadb:
image: mariadb:v10.4.1

cronjobs:
my-cronjob:
batch-api-version: 'batch/v1beta1' # Must add if k8s version < 1.21+
schedule: "*/1 * * * *"
concurrency_policy: "Replace"
containers:
hello:
image: busybox
command: [/bin/sh, -c, date; echo Hello from the Kubernetes cluster]

With this in your current directory, you can now:
# Bring up a local development environment using docker-compose
ktd up

# Deploy the project to a Kubernetes namespace
kubetools deploy my-namespace

Installing
pip install kubetools

NOTE: Since Cython 3.0 was released, the installation of kubetools dependencies will fail
due to compatibility issues between Cython 3 and PyYaml (see
this issue). This can be worked around for example
with pip by using a "constraints" file containing cython<3.
Configuration
Users can configure some aspects of kubetools. The configuration folder location depends on the
operating system of the user. See the
Click documentation
to find the appropriate one for you. Note that we use the "POSIX" version (for example
~/.kubetools/ on Unix systems).

kubetools.conf contains key-value settings, see settings.py for the
possible settings and their meaning.
scripts/ can contain scripts to be made available to ktd script command

Developing
Install the package in editable mode, with the dev extras:
pip install -e .[dev]

Local deployment testing
For deployment testing, you will need a kubernetes cluster and a docker registry. You can get both
easily using minikube:
minikube start --addons registry --insecure-registry ${MINIKUBE_IP}:5000

Then you can deploy to that environment:
kubetools --context minikube deploy --default-registry ${MINIKUBE_IP}:5000 default .

MINIKUBE_IP value can vary depending on your local environment. The easiest way to get the correct
value is to start minikube once then reset it:
minikube start
MINIKUBE_IP=$(minikube ip)
minikube delete
...

Releasing (admins/maintainers only)

Update CHANGELOG to add new version and document it
In GitHub, create a new release

Title the release v<version> (for example v1.2.3)
Select to create a new tag v<version> against master branch
Copy changes in the release from CHANGELOG.md into the release description
GitHub Actions will package the release and
publish it to Pypi

Mounting K8s Secrets
We assume that ServiceAccount and SecretProviderClass are already created (if needed), before deploying the project with kubetools.
Docker build args
kubetools now supports passing values for ARG parameters used in Dockerfiles, using
--build-args. This has a couple of caveats though:

it is NOT supported in ktd. A workaround for this is to use the default value of the ARG
instruction.
this doesn't affect the image tag pushed to the docker registry, which is based only on the git
commit hash. This means that these arguments cannot be used to generate multiple images from the
same Dockerfile. So their main usage should be to pass secrets that should not be recorded in the
git repository but are needed at build time, to access external resources for example.
these values could be recorded in the docker image layer history. To prevent leaking secrets, you
should consider using multi-stage builds where the secrets are only used in a "builder" image.