|
Note
|
This repository contains the guide documentation source. To view the guide in published form, view it on the Open Liberty website. |
Deploy microservices in Open Liberty Docker containers to Kubernetes and manage them with the Kubernetes CLI, kubectl.
Kubernetes is an open source container orchestrator that automates many tasks involved in deploying, managing, and scaling containerized applications.
Over the years, Kubernetes has become a major tool in containerized environments as containers are being further leveraged for all steps of a continuous delivery pipeline.
Managing individual containers can be challenging. A small team can easily manage a few containers for development but managing hundreds of containers can be a headache, even for a large team of experienced developers. Kubernetes is a tool for deployment in containerized environments. It handles scheduling, deployment, as well as mass deletion and creation of containers. It provides update rollout abilities on a large scale that would otherwise prove extremely tedious to do. Imagine that you updated a Docker image, which now needs to propagate to a dozen containers. While you could destroy and then re-create these containers, you can also run a short one-line command to have Kubernetes make all those updates for you. Of course, this is just a simple example. Kubernetes has a lot more to offer.
Deploying an application to Kubernetes means deploying an application to a Kubernetes cluster.
A typical Kubernetes cluster is a collection of physical or virtual machines called nodes that run containerized applications. A cluster is made up of one parent node that manages the cluster, and many worker nodes that run the actual application instances inside Kubernetes objects called pods.
A pod is a basic building block in a Kubernetes cluster. It represents a single running process that encapsulates a container or in some scenarios many closely coupled containers. Pods can be replicated to scale applications and handle more traffic. From the perspective of a cluster, a set of replicated pods is still one application instance, although it might be made up of dozens of instances of itself. A single pod or a group of replicated pods are managed by Kubernetes objects called controllers. A controller handles replication, self-healing, rollout of updates, and general management of pods. One example of a controller that you will use in this guide is a deployment.
A pod or a group of replicated pods are abstracted through Kubernetes objects called services that define a set of rules by which the pods can be accessed. In a basic scenario, a Kubernetes service exposes a node port that can be used together with the cluster IP address to access the pods encapsulated by the service.
To learn about the various Kubernetes resources that you can configure, see the official Kubernetes documentation.
You will learn how to deploy two microservices in Open Liberty containers to a local Kubernetes cluster. You will then manage your deployed microservices using the kubectl command line interface for Kubernetes. The kubectl CLI is your primary tool for communicating with and managing your Kubernetes cluster.
The two microservices you will deploy are called system and inventory. The system microservice returns the JVM system properties of the running container and it returns the pod’s name in the HTTP header making replicas easy to distinguish from each other. The inventory microservice adds the properties from the system microservice to the inventory. This process demonstrates how communication can be established between pods inside a cluster.
You will use a local single-node Kubernetes cluster.
The first step of deploying to Kubernetes is to build your microservices and containerize them with Docker.
The starting Java project, which you can find in the start directory, is a multi-module Maven project that’s made up of the system and inventory microservices. Each microservice resides in its own directory, start/system and start/inventory. Each of these directories also contains a Dockerfile, which is necessary for building Docker images. If you’re unfamiliar with Dockerfiles, check out the Containerizing Microservices guide, which covers Dockerfiles in depth.
Navigate to the start directory and build the applications by running the following commands:
cd start
mvn clean packageNext, run the docker build commands to build container images for your application:
docker build -t system:1.0-SNAPSHOT system/.
docker build -t inventory:1.0-SNAPSHOT inventory/.The -t flag in the docker build command allows the Docker image to be labeled (tagged) in the name[:tag] format. The tag for an image describes the specific image version. If the optional [:tag] tag is not specified, the latest tag is created by default.
During the build, you’ll see various Docker messages describing what images are being downloaded and built. When the build finishes, run the following command to list all local Docker images:
docker imagesVerify that the system:1.0-SNAPSHOT and inventory:1.0-SNAPSHOT images are listed among them, for example:
REPOSITORY TAG
inventory 1.0-SNAPSHOT
system 1.0-SNAPSHOT
openliberty/open-liberty kernel-slim-java11-openj9-ubi
k8s.gcr.io/kube-proxy-amd64 v1.10.3
k8s.gcr.io/kube-scheduler-amd64 v1.10.3
k8s.gcr.io/kube-controller-manager-amd64 v1.10.3
k8s.gcr.io/kube-apiserver-amd64 v1.10.3
k8s.gcr.io/etcd-amd64 3.1.12
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64 1.14.8
k8s.gcr.io/k8s-dns-sidecar-amd64 1.14.8
k8s.gcr.io/k8s-dns-kube-dns-amd64 1.14.8
k8s.gcr.io/pause-amd64 3.1REPOSITORY TAG
inventory 1.0-SNAPSHOT
system 1.0-SNAPSHOT
openliberty/open-liberty kernel-slim-java11-openj9-ubi
k8s.gcr.io/kube-proxy-amd64 v1.10.0
k8s.gcr.io/kube-controller-manager-amd64 v1.10.0
k8s.gcr.io/kube-apiserver-amd64 v1.10.0
k8s.gcr.io/kube-scheduler-amd64 v1.10.0
quay.io/kubernetes-ingress-controller/nginx-ingress-controller 0.12.0
k8s.gcr.io/etcd-amd64 3.1.12
k8s.gcr.io/kube-addon-manager v8.6
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64 1.14.8
k8s.gcr.io/k8s-dns-sidecar-amd64 1.14.8
k8s.gcr.io/k8s-dns-kube-dns-amd64 1.14.8
k8s.gcr.io/pause-amd64 3.1
k8s.gcr.io/kubernetes-dashboard-amd64 v1.8.1
k8s.gcr.io/kube-addon-manager v6.5
gcr.io/k8s-minikube/storage-provisioner v1.8.0
gcr.io/k8s-minikube/storage-provisioner v1.8.1
k8s.gcr.io/defaultbackend 1.4
k8s.gcr.io/k8s-dns-sidecar-amd64 1.14.4
k8s.gcr.io/k8s-dns-kube-dns-amd64 1.14.4
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64 1.14.4
k8s.gcr.io/etcd-amd64 3.0.17
k8s.gcr.io/pause-amd64 3.0If you don’t see the system:1.0-SNAPSHOT and inventory:1.0-SNAPSHOT images, then check the Maven build log for any potential errors. In addition, if you are using Minikube, make sure your Docker CLI is configured to use Minikube’s Docker daemon instead of your host’s Docker daemon.
Now that your Docker images are built, deploy them using a Kubernetes resource definition.
A Kubernetes resource definition is a yaml file that contains a description of all your deployments, services, or any other resources that you want to deploy. All resources can also be deleted from the cluster by using the same yaml file that you used to deploy them.
Create the Kubernetes configuration file in thestartdirectory.kubernetes.yaml
kubernetes.yaml
link:finish/kubernetes.yaml[role=include]This file defines four Kubernetes resources. It defines two deployments and two services. A Kubernetes deployment is a resource that controls the creation and management of pods. A service exposes your deployment so that you can make requests to your containers. Three key items to look at when creating the deployments are the labels, image, and containerPort fields. The labels is a way for a Kubernetes service to reference specific deployments. The image is the name and tag of the Docker image that you want to use for this container. Finally, the containerPort is the port that your container exposes to access your application. For the services, the key point to understand is that they expose your deployments. The binding between deployments and services is specified by labels — in this case the app label. You will also notice the service has a type of NodePort. This means you can access these services from outside of your cluster via a specific port. In this case, the ports are 31000 and 32000, but port numbers can also be randomized if the nodePort field is not used.
Run the following commands to deploy the resources as defined in kubernetes.yaml:
kubectl apply -f kubernetes.yamlWhen the apps are deployed, run the following command to check the status of your pods:
kubectl get podsYou’ll see an output similar to the following if all the pods are healthy and running:
NAME READY STATUS RESTARTS AGE
system-deployment-6bd97d9bf6-4ccds 1/1 Running 0 15s
inventory-deployment-645767664f-nbtd9 1/1 Running 0 15sYou can also inspect individual pods in more detail by running the following command:
kubectl describe podsYou can also issue the kubectl get and kubectl describe commands on other Kubernetes resources, so feel free to inspect all other resources.
Next you will make requests to your services.
The default host name for Docker Desktop is localhost.
The default host name for minikube is 192.168.99.100. Otherwise it can be found using the minikube ip command.
Then, run the curl command or visit the following URLs to access your microservices, substituting the appropriate host name:
-
http://[hostname]:31000/system/properties -
http://[hostname]:32000/inventory/systems/system-service
The first URL returns system properties and the name of the pod in an HTTP header called X-Pod-Name. To view the header, you may use the -I option in the curl when making a request to http://[hostname]:31000/system/properties. The second URL adds properties from the system-service endpoint to the inventory Kubernetes Service. Visiting http://[hostname]:32000/inventory/systems/[kube-service] in general adds to the inventory depending on whether kube-service is a valid Kubernetes service that can be accessed.
Without continuous updates, a Kubernetes cluster is susceptible to a denial of a service attack. Rolling updates continually install Kubernetes patches without disrupting the availability of the deployed applications. Update the yaml file as follows to add the rollingUpdate configuration.
Replace the Kubernetes configuration file
kubernetes.yaml
kubernetes.yaml
link:finish/kubernetes.yaml[role=include]The rollingUpdate configuration has two attributes, maxUnavailable and maxSurge. The maxUnavailable attribute specifies the the maximum number of Kubernetes pods that can be unavailable during the update process. Similarly, the maxSurge attribute specifies the maximum number of additional pods that can be created during the update process.
The readinessProbe allows Kubernetes to know whether the service is ready to handle requests. The readiness health check classes for the /health/ready endpoint to the inventory and system services are provided for you. If you want to learn more about how to use health checks in Kubernetes, check out the Kubernetes-microprofile-health guide.
Run the following command to deploy the inventory and system microservices with the new configuration:
kubectl apply -f kubernetes.yamlRun the following command to check the status of your pods are ready and running:
kubectl get podsTo use load balancing, you need to scale your deployments. When you scale a deployment, you replicate its pods, creating more running instances of your applications. Scaling is one of the primary advantages of Kubernetes because you can replicate your application to accommodate more traffic, and then descale your deployments to free up resources when the traffic decreases.
As an example, scale the system deployment to three pods by running the following command:
kubectl scale deployment/system-deployment --replicas=3Use the following command to verify that two new pods have been created.
kubectl get podsNAME READY STATUS RESTARTS AGE
system-deployment-6bd97d9bf6-4ccds 1/1 Running 0 1m
system-deployment-6bd97d9bf6-jf9rs 1/1 Running 0 25s
system-deployment-6bd97d9bf6-x4zth 1/1 Running 0 25s
inventory-deployment-645767664f-nbtd9 1/1 Running 0 1mWait for your two new pods to be in the ready state, then make a curl -I request to, or visit the http://[hostname]:31000/system/properties URL.
Notice that the X-Pod-Name header has a different value when you call it multiple times. The value changes because three pods that all serve the system application are now running. Similarly, to descale your deployments you can use the same scale command with fewer replicas.
kubectl scale deployment/system-deployment --replicas=1When you’re building your application, you might want to quickly test a change. To run a quick test, you can rebuild your Docker images then delete and re-create your Kubernetes resources. Note that there is only one system pod after you redeploy because you’re deleting all of the existing pods.
kubectl delete -f kubernetes.yaml
mvn clean package
docker build -t system:1.0-SNAPSHOT system/.
docker build -t inventory:1.0-SNAPSHOT inventory/.
kubectl apply -f kubernetes.yamlUpdating your applications in this way is fine for development environments, but it is not suitable for production. If you want to deploy an updated image to a production cluster, you can update the container in your deployment with a new image. Once the new container is ready, Kubernetes automates both the creation of a new container and the decommissioning of the old one.
pom.xml
link:finish/inventory/pom.xml[role=include]A few tests are included for you to test the basic functionality of the microservices. If a test failure occurs, then you might have introduced a bug into the code. To run the tests, wait for all pods to be in the ready state before proceeding further. The default properties defined in the pom.xml are:
| Property | Description |
|---|---|
|
Name of the Kubernetes Service wrapping the |
|
The Kubernetes Service |
|
The Kubernetes Service |
Navigate back to the start directory.
Run the integration tests against a cluster running with a host name of localhost:
mvn failsafe:integration-testRun the integration tests with the IP address for Minikube:
mvn failsafe:integration-test -Dsystem.service.root=$(minikube ip):31000 -Dinventory.service.root=$(minikube ip):32000If the tests pass, you’ll see an output similar to the following for each service respectively:
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running it.io.openliberty.guides.system.SystemEndpointIT
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.372 s - in it.io.openliberty.guides.system.SystemEndpointIT
Results:
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running it.io.openliberty.guides.inventory.InventoryEndpointIT
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.714 s - in it.io.openliberty.guides.inventory.InventoryEndpointIT
Results:
Tests run: 4, Failures: 0, Errors: 0, Skipped: 0When you no longer need your deployed microservices, you can delete all Kubernetes resources by running the kubectl delete command:
kubectl delete -f kubernetes.yamlYou have just deployed two microservices that are running in Open Liberty to Kubernetes. You then scaled a microservice and ran integration tests against miroservices that are running in a Kubernetes cluster.