☸ Kubernetes Demo Deployment

We use Kubernetes to deploy the WebEdit Demo on a Kubernetes cluster running TalosOS, a Linux distribution made for Kubernetes.

Deployment YAML configuration

All the YAML configuration files for the demo deployment can be found in container/kubernetes. Currently, we use kluctl to manage the Kubernetes deployment.

Workloads

The configuration for our workloads (containers) is located inside container/kubernetes/services with a subfolder for each respective service.

The demo deployment consists of the following:

How to deploy

Make sure you have kluctl and kubectl installed.

Before deploying, make sure your Kubernetes cluster is ready to go and accessible using kubectl.

Set Secrets

Before deploying, you must set some secrets in the container/kubernetes/secrets folder. Files placed there are not checked into Git.

Container Registry Token

For the cluster to pull images from the GitLab Container Registry, it needs a valid token. The token requires the read_registry permission and can either be created on a user level in Preferences > Access Tokens or on a repository level in (Repo.) Settings > Access Tokens. Then, the Kubernetes secret can be generated:

kubectl create secret -n webedit-demo docker-registry bht-gitlab-registry-token \
--dry-run=client --docker-username="${USERNAME}" --docker-password="${PASSWORD}" \
--docker-server=https://registry.bht-berlin.de:443/ -o yaml \
> container/kubernetes/secrets/Secret.dockerconfigjson.yaml

Make sure to either set the USERNAME and PASSWORD environment variables beforehand or replace them in the command with the correct values.

Cloudflare Tunnel

Since we use a Cloudflare Tunnel to get traffic into the cluster, we need to set the secret for the tunnel.

Setting up the tunnel can easily be done by following Cloudflare’s guide.

Instead of uploading the secrets directly to the cluster, however, we generate a YAML file:

kubectl create secret -n webedit-demo generic tunnel-credentials \
--from-file=credentials.json="${FILEPATH}" --dry-run=client -o yaml \
> container/kubernetes/secrets/Secret.cfTunnel.yaml

Either set the FILEPATH environment variable beforehand or replace it in the command with the correct path.

The Deploy cloudflared step has already been taken care of.
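
The two generated manifests can be sanity-checked before deploying. The script below is an added example, not part of the project's repository: the function names and the SECRETS_DIR variable are assumptions, and it only verifies that each file is non-empty, private to its owner, and names the expected Secret, namespace and data key.

```shell
#!/usr/bin/env bash
# Added example (not project code): verify the generated Secret manifests
# before deploying. SECRETS_DIR and the function names are assumptions.
SECRETS_DIR="${SECRETS_DIR:-container/kubernetes/secrets}"
NAMESPACE="webedit-demo"

# check_secret FILE NAME DATA_KEY -> returns 0 if the manifest looks sane.
check_secret() {
  file="$SECRETS_DIR/$1"
  # '>' creates the file even when kubectl fails, so reject empty output.
  if [ ! -s "$file" ]; then
    echo "FAIL $1: missing or empty" >&2; return 1
  fi
  # Columns 5-10 of 'ls -l' are the group and other permission bits.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "FAIL $1: accessible by group/other, run chmod 600" >&2; return 1
  fi
  # Exact-line matches on the fields kubectl writes with -o yaml.
  if ! { grep -qx 'kind: Secret' "$file" &&
         grep -qx "  name: $2" "$file" &&
         grep -qx "  namespace: $NAMESPACE" "$file"; }; then
    echo "FAIL $1: expected Secret $2 in namespace $NAMESPACE" >&2; return 1
  fi
  # The data key must exist and carry a non-empty base64 value.
  if ! awk -v k="$3:" '$1 == k && $2 ~ /^[A-Za-z0-9+\/=]+$/ { ok = 1 }
                       END { exit !ok }' "$file"; then
    echo "FAIL $1: data key $3 missing or empty" >&2; return 1
  fi
  echo "OK   $1"
}

# Checks both manifests described above; returns non-zero if either fails.
check_all_secrets() {
  rc=0
  check_secret Secret.dockerconfigjson.yaml bht-gitlab-registry-token \
    .dockerconfigjson || rc=1
  check_secret Secret.cfTunnel.yaml tunnel-credentials credentials.json || rc=1
  return "$rc"
}
```

Running the kubectl commands under umask 077 creates the files with owner-only permissions, so the permission check passes without a separate chmod.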

Update deployed containers

The demo deployment pulls the server and dashboard containers with the tag deployed.

The container/kubernetes/updateContainers.sh script takes the current images with the latest tag, copies them to the respective deployed tag, and then restarts the Kubernetes deployment to force a new pull from the registry. This requires skopeo to be installed and will ask for credentials for the container registry.

Reset deployment

To reset the deployment, execute the container/kubernetes/resetAll.sh script.