• Stars
    star
    134
  • Rank 270,967 (Top 6 %)
  • Language
    Shell
  • License
    MIT License
  • Created over 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Scheduler plugin for deploying applications to kubernetes

dokku-scheduler-kubernetes

If this plugin is missing a feature you need, consider sponsoring development. Pull requests always welcome!

A Dokku plugin to integrate with kubernetes.

Requirements

  • The dokku-registry plugin should be installed and configured for your app
  • A configured kubectl (/home/dokku/.kube/config) that can talk to your cluster
  • Dokku 0.20.4+

Installation

You can install this plugin by issuing the command:

dokku plugin:install https://github.com/dokku/dokku-scheduler-kubernetes

After the plugin has successfully been installed you need to install the plugin's dependencies by running the command:

dokku plugin:install-dependencies

Functionality

The following functionality has been implemented

  • Deployment and Service annotations
  • Domain proxy support via the Nginx Ingress Controller
  • Environment variables
  • Letsencrypt SSL Certificate integration via CertManager
  • Pod Disruption Budgets
  • Resource limits and reservations (reservations == kubernetes requests)
    • If no unit is specified, the values for memory are assumed to be in Mi (Megabytes)
  • Zero-downtime deploys via Deployment healthchecks
  • Traffic to non-web containers (via a configurable list)

Unsupported at this time:

  • Custom docker-options (not applicable)
  • Deployment timeouts (planned: #30)
  • Dockerfile support (planned: #29)
  • Encrypted environment variables (planned: #9)
  • Proxy port integration (planned: #29)
  • Manual SSL Certificates (planned: #28)
  • The following scheduler commands are unimplemented:
    • enter (planned: #12)
    • logs:failed
    • run (planned: #12)

If this plugin is missing a feature you need, consider sponsoring development. Pull requests always welcome!

Notes

  • Each Procfile entry will be turned into a kubernetes Deployment object.
  • Each Procfile entry name must be a valid DNS subdomain.
  • The web process will also create a Service object.
  • Non-web processes can create a Service object via a configurable property.
  • All created Kubernetes objects are tracked to completion via kubedog.
  • All manifest templates are hardcoded in the plugin.

Usage

Set the scheduler to kubernetes. This can be done per-app or globally:

# globally
dokku scheduler:set --global selected kubernetes

# per-app
dokku scheduler:set $APP selected kubernetes

You also need to ensure your kubectl has the correct context specified:

# as the dokku user
kubectl config use-context YOUR_NAME

And configure your registry:

dokku registry:set $APP server gcr.io/dokku/

Assuming your Dokku installation can push to the registry and your kubeconfig is valid, Dokku will deploy the app against the cluster.

The namespace in use for a particular app can be customized using the :set command. This will apply to all future invocations of the plugin, and will not modify any existing resources. If unspecified, the namespace in use is the cluster default namespace. The scheduler-kubernetes will create the namespace via a kubectl apply.

dokku scheduler-kubernetes:set $APP namespace test

If deploying from a private docker registry and the cluster needs does not have open access to the registry, an imagePullSecrets value can be specified. This will be injected into the kubernetes deployment spec at deploy time.

dokku scheduler-kubernetes:set $APP imagePullSecrets registry-credential

See this doc for more details on creating an imagePullSecrets secret file.

Service Ingress

This functionality assumes a helm-installed nginx-ingress controller:

helm install ingress-nginx ingress-nginx/ingress-nginx --set controller.publishService.enabled=true

A Kubernetes Service object is created for each web process. Additionally, if the app has it's proxy-type set to nginx-ingress, then we will also create or update a Kubernetes ingress object within the namespace configured for the app. This can be set as follows:

dokku config:set $APP DOKKU_APP_PROXY_TYPE=nginx-ingress

The ingress object has the following properties:

  • The name of the ingress object will be app-ingress.
  • All kubernetes-deployed apps within the same namespace are added to the ingress object.
  • Configured app domains are respected as unique rules.
  • The configured service port for each rule is hardcoded to 5000.

To modify the manifest before it gets applied to the cluster, use the pre-kubernetes-ingress-apply plugin trigger.

Service objects can also be created for specific process types by configuring the service-process-types property. This is a comma-separated list that is specific to an individual application, and will always implicitly include the web process type.

dokku scheduler-kubernetes:set $APP service-process-types http,worker

The PORT environment variable is hardcoded to 5000. No Ingress object is created for non-web processes.

Automated SSL Integration via CertManager

This functionality assumes a helm-installed cert-manager CRD:

kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --version v1.10.0 --set installCRDs=true --install

At this time, the scheduler-kubernetes does not have support for custom SSL certificates. However, domains associated with an app can have a Letsencrypt SSL certificate provisioned automatically via the CertManager Kubernetes add-on.

To start using the CertManager, we will first need to set the issuer email

dokku config:set --global [email protected]

Next, any apps that will require cert-manager integration will need to have that enabled:

dokku scheduler-kubernetes:set $APP cert-manager-enabled true

On the next deploy or domain name change, the CertManager entry will be automatically updated to fetch an SSL certificate for all domains associated with all applications on the same ingress object.

Pod Disruption Budgets

A PodDisruptionBudget object can be created, and will apply to all process types in an app. To configure this, the pod-max-unavailable and pod-min-available properties can be set:

dokku scheduler-kubernetes:set $APP pod-min-available 1

# available in kubernetes 1.7+
dokku scheduler-kubernetes:set $APP pod-max-unavailable 1

Pod Disruption Budgets will be updated on next deploy.

Deployment Autoscaling

This feature requires an installed metric server, uses the autoscaling/v2beta2 api, and will apply immediately. Only resource rules are supported when using the official metric-server, all others require the prometheus-operator and prometheus-adapter.

By default, Kubernetes deployments are not set to autoscale, but a HorizontalPodAutoscaler object can be managed for an app on a per-process type basis - referenced as $PROC_TYPE below. Using the HorizontalPodAutoscaler will disable the normal usage of ps:scale for the specified app/process-type combination, as per Kubernetes best practices.

At a minimum, both a min/max number of replicas must be set.

# set the min number of replicas
dokku scheduler-kubernetes:autoscale-set $APP $PROC_TYPE min-replicas 1

# set the max number of replicas
dokku scheduler-kubernetes:autoscale-set $APP $PROC_TYPE max-replicas 10

You also need to add autoscaling rules. These can be managed via the :autoscale-rule-add command. Adding a rule for a target-name/metric-type combination that already exists will override any existing rules.

Rules can be added for the following metric types:

  • external:
    • format: external:$NAME:$TYPE:$VALUE[:$SELECTOR]
    • fields:
      • $NAME: The name of the external metric to track
      • $TYPE (valid values: [AverageValue, Value]): The type of the target.
      • $VALUE: The value to track.
      • $SELECTOR (optional): The selector to use for filtering to one or more specific metric series.
  • ingress:
    • format: ingress:$NAME:$TYPE:$VALUE[:$INGRESS]
    • fields:
      • $NAME: The name of the ingress metric to track.
      • $TYPE (valid values: [AverageValue, Value]): The type of the target.
      • $VALUE: The value to track.
      • $INGRESS (default: app-ingress): The name of the ingress object to filter on.
  • pods
    • format: pods:$NAME:$TYPE:$VALUE
    • fields:
      • $NAME: The name of the metric from the pod resource to track.
      • $TYPE (valid values: [AverageValue]): The type of the target.
      • $VALUE: The value to track.
  • resource
    • format: resource:$NAME:$TYPE:$VALUE
    • fields:
      • $NAME (valid values: [cpu, memory]): The name of the metric to track.
      • $TYPE (valid values: [AverageValue, Utilization]): The type of the target.
      • $VALUE: The value to track.
# set the cpu average utilization target
dokku scheduler-kubernetes:autoscale-rule-add $APP $PROC_TYPE resource:cpu:Utilization:50

Rules can be listed via the autoscale-rule-list command:

dokku scheduler-kubernetes:autoscale-rule-list $APP $PROC_TYPE

Rules can be removed via the :autoscale-rule-remove command. This command takes the same arguments as the autoscale-rule-add command, though the value is optional. If a rule matching the specified arguments does not exist, the command will still return 0.

# remove the cpu rule
dokku scheduler-kubernetes:autoscale-rule-remove $APP $PROC_TYPE resource:cpu:Utilization:50

# remove the cpu rule by prefix
dokku scheduler-kubernetes:autoscale-rule-remove $APP $PROC_TYPE resource:cpu:Utilization

Autoscaling rules are applied automatically during the next deploy, though may be immediately applied through the :autoscale-apply command:

dokku scheduler-kubernetes:autoscale-apply $APP $PROC_TYPE

Persistent Volume Claims (pvc)

Pods use pvcs as volumes. For volumes that support multiple access modes, the user specifies which mode is desired when using their claim as a volume in a Pod. See supported access modes by providers

# create a pvc
dokku scheduler-kubernetes:add-pvc $NAME $SIZE [--access-mode $MODE][--namespace $NAMESPACE ][--storage-class-name $CLASS]

Fields: - $NAME: The name of the persistent volume claim - $SIZE is a numeric size of claim in MB. - $MODE: Access mode must be either of ReadWriteOnce, ReadOnlyMany or ReadWriteMany. Default is ReadWriteOnce - $NAMESPACE : The namespace for the pvc. Default is "default" - $CLASS: The storage class name. Default is k8s providers default storage class

# list pvcs
dokku scheduler-kubernetes:list-pvc [$NAMESPACE]
# delete pvc
dokku scheduler-kubernetes:remove-pvc $NAME --namespace $NAMESPACE

Mounting a volume using PVC

Pods access storage by using the claim as a volume.

# mounting a volume (requires a re-deploy to take effect)
dokku scheduler-kubernetes:mount $APP_NAME $PVC_NAME $CONTAINER_PATH

Fields: - $APP_NAME: The name of the app - $PVC_NAME: Name of persistent volume claim. Will be used as volume name. Claims must exist in the same namespace as the app.

List mounted volumes for an app:

# list mounted volumes
dokku scheduler-kubernetes:list-mount $APP_NAME

Unmount a volume:

# unmount a volume (requires a re-deploy to take effect)
dokku scheduler-kubernetes:unmount $APP_NAME $PVC_NAME $CONTAINER_PATH

Unmount all volumes:

# unmount all (requires a re-deploy to take effect)
dokku scheduler-kubernetes:unmount-all $APP_NAME

Kubernetes Manifests

Warning: Running this command exposes app environment variables to stdout.

The kubernetes manifest for a deployment or service can be displayed using the :show-manifest command. This manifest can be used to inspect what would be submitted to Kubernetes.

# show the deployment manifest for the `web` process type
dokku scheduler-kubernetes:show-manifest $APP $PROC_TYPE $MANIFEST_TYPE

This command can be used like so:

# show the deployment manifest for the `web` process type
dokku scheduler-kubernetes:show-manifest node-js-sample web


# implicitly specify the deployment manifest
dokku scheduler-kubernetes:show-manifest node-js-sample web deployment

# show the service manifest for the `web` process type
dokku scheduler-kubernetes:show-manifest node-js-sample web service

The command will exit non-zero if the specific manifest for the given app/process type combination is not found.

Annotations

Warning: There is no validation for on annotation keys or values.

Deployment Annotations

These can be managed by the :deployment-annotations-set command.

# command structure
dokku scheduler-kubernetes:deployment-annotations-set $APP $ANNOTATION_NAME $ANNOTATION_VALUE

# set example
dokku scheduler-kubernetes:deployment-annotations-set node-js-sample pod.kubernetes.io/lifetime 86400s

# unset example, leave the value empty
dokku scheduler-kubernetes:deployment-annotations-set node-js-sample pod.kubernetes.io/lifetime

Currently, these apply globally to all processes within a deployed app.

Pod Annotations

These can be managed by the :pod-annotations-set command.

# command structure
dokku scheduler-kubernetes:pod-annotations-set $APP name value

# set example
dokku scheduler-kubernetes:pod-annotations-set node-js-sample pod.kubernetes.io/lifetime 86400s

# unset example, leave the value empty
dokku scheduler-kubernetes:pod-annotations-set node-js-sample pod.kubernetes.io/lifetime

Currently, these apply globally to all processes within a deployed app.

Service Annotations

These can be managed by the :service-annotations-set command.

# command structure
dokku scheduler-kubernetes:service-annotations-set $APP name value

# set example
dokku scheduler-kubernetes:service-annotations-set node-js-sample pod.kubernetes.io/lifetime 86400s

# unset example, leave the value empty
dokku scheduler-kubernetes:service-annotations-set node-js-sample pod.kubernetes.io/lifetime

Currently, they are applied to the web process, which is the only process for which a Kubernetes Service is created.

Ingress Annotations on Namespaces

These can be managed by the :ingress-annotations-set command.

# command structure
dokku scheduler-kubernetes:ingress-annotations-set $NAMESPACE name value

# set example
dokku scheduler-kubernetes:ingress-annotations-set my-namespace nginx.ingress.kubernetes.io/affinity cookie

# unset example, leave the value empty
dokku scheduler-kubernetes:ingress-annotations-set my-namespace nginx.ingress.kubernetes.io/affinity

Currently, these apply to all deployments within an namespace.

Rolling Updates

For deployments that use a rollingUpdate for rollouts, a rollingUpdate may be triggered at a later date via the :rolling-update command.

dokku scheduler-kubernetes:rolling-update $APP

Health Checks

Health checks for the app may be configured in app.json, based on Kubernetes liveness and readiness probes. All Kubernetes options that can occur within a Probe object are supported, though syntax is JSON rather than YAML. The variable $APP may be used to represent the app name.

If a process type is not configured for a given probe type (liveness or readiness), any probe of the same type for the "*" default process type is used instead.

Here (click the triangle to expand) is an example JSON for Kubernetes health checks.

{
	"healthchecks": {
		"web": {
			"readiness": {
				"httpGet": {
					"path": "/{{ $APP }}/readiness_check",
					"port": 5000
				},
				"initialDelaySeconds": 5,
				"periodSeconds": 5
			}
		},
		"*": {
			"liveness": {
				"exec": {
					"command": ["/bin/pidof", "/start"]
				},
				"initialDelaySeconds": 5,
				"periodSeconds": 5
			},
			"readiness": {
				"httpGet": {
					"path": "web processes override this.",
					"port": 5000
				},
				"initialDelaySeconds": 5,
				"periodSeconds": 5
			}
		}
	}
}

Plugin Triggers

The following custom triggers are exposed by the plugin:

post-deploy-kubernetes-apply

  • Description: Allows a user to interact with the deployment manifest after it has been submitted.
  • Invoked by:
  • Arguments: $APP $PROC_TYPE $MANIFEST_FILE $MANIFEST_TYPE
  • Example:
#!/usr/bin/env bash

set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x

# TODO

pre-ingress-kubernetes-apply

  • Description: Allows a user to interact with the ingress manifest before it has been submitted.
  • Invoked by: core-post-deploy, post-domains-update, post-proxy-ports-update, and proxy-build-config triggers
  • Arguments: $APP $MANIFEST_FILE
  • Example:
#!/usr/bin/env bash

set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x

# TODO

pre-deploy-kubernetes-apply

  • Description: Allows a user to interact with the deployment|service manifest before it has been submitted.
  • Invoked by: scheduler-deploy trigger and :show-manifest
  • Arguments: $APP $PROC_TYPE $MANIFEST_FILE $MANIFEST_TYPE
  • Example:
#!/usr/bin/env bash

set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x

# TODO

More Repositories

1

dokku

A docker-powered PaaS that helps you build and manage the lifecycle of applications
Shell
24,965
star
2

dokku-letsencrypt

Automatic Let's Encrypt TLS Certificate installation for dokku
Shell
1,048
star
3

dokku-postgres

a postgres plugin for dokku
Shell
444
star
4

sshcommand

Turn SSH into a thin client specifically for your app
Shell
361
star
5

dokku-redis

a redis plugin for dokku
Shell
240
star
6

dokku-mongo

a mongo plugin for dokku
Shell
171
star
7

ansible-dokku

Ansible modules for installing and configuring Dokku
Python
142
star
8

github-action

Shell
130
star
9

dokku-maintenance

dokku plugin that gives the ability to manage application maintenance mode
Shell
106
star
10

heroku-buildpack-nginx

Buildpack for static websites on Dokku (nginx)
Shell
103
star
11

dokku-redirect

A plugin for dokku that gives the ability to set simple redirects for an application
Shell
98
star
12

dokku-mysql

a mysql plugin for dokku
Shell
92
star
13

dokku-elasticsearch

an elasticsearch plugin for dokku
Shell
88
star
14

dokku-http-auth

dokku plugin that gives the ability to manage HTTP basic auth for an application
Shell
78
star
15

plugn

Hook system that lets users extend your application with plugins
Shell
75
star
16

dokku-mariadb

a mariadb plugin for dokku
Shell
65
star
17

dokku-api

Unmaintained: HTTP API on top of Dokku Daemon
Ruby
59
star
18

dokku-graphite

a graphite, grafana, statsd, carbon plugin for dokku
Shell
55
star
19

dokku-rabbitmq

a rabbitmq plugin for dokku
Shell
45
star
20

dokku-rethinkdb

a rethinkdb plugin for dokku
Shell
42
star
21

dokku-scheduler-nomad

Scheduler plugin for deploying applications to nomad
Shell
32
star
22

dokku-daemon

A daemon wrapper around dokku
Shell
31
star
23

ci-docker-image

A Docker Image meant for use with CI/CD pipelines
Shell
27
star
24

dokku-memcached

a memcached plugin for dokku
Shell
25
star
25

dokku-couchdb

a couchdb plugin for dokku
Shell
25
star
26

gitlab-ci

A collection of gitlab-ci examples
Shell
24
star
27

docker-wait

Shell
23
star
28

dokku-nats

a nats plugin for dokku
Shell
23
star
29

dokku-meilisearch

a meillisearch plugin for dokku
Shell
22
star
30

dokku-clickhouse

a clickhouse plugin for dokku
Shell
18
star
31

dokku-copy-files-to-image

copies files from the host onto the container
Makefile
14
star
32

dokku-update

Shell
12
star
33

dokku-solr

a solr plugin for dokku
Shell
11
star
34

dokku-event-listener

Service that listens to docker events and runs dokku commands
Makefile
10
star
35

lambda-builder

A tool for building lambda function images or zips via Docker
Go
10
star
36

dokku-registry

Deprecated in favor of the official Registry plugin introduced in 0.25.x
Shell
9
star
37

compose-transpiler

Simple docker-compose.yml to dokku commands web utility
Vue
7
star
38

docker-grafana-graphite

Docker image with StatsD, Graphite, Grafana 6
JavaScript
6
star
39

docker-letsencrypt

Docker container for the "simp_le" Let's encrypt implementation running on Alpine Linux
Dockerfile
6
star
40

docker-ambassador

A maintained version of the ambassador linking pattern
Shell
6
star
41

procfile-util

A tool for interacting with Procfiles
Go
5
star
42

omakase

Go
5
star
43

dokku-pushpin

a pushpin plugin for dokku
Shell
5
star
44

docker-image-labeler

Adds and removes labels from docker images
Makefile
5
star
45

netrc

Utility that allows users to manage netrc files
Makefile
5
star
46

dokku-arch

Shell
5
star
47

docker-container-healthchecker

Runs healthchecks against local docker containers
Go
5
star
48

dokku-typesense

a typesense plugin for dokku
Shell
5
star
49

service-proxy

An app that can be used to proxy to a datastore service's web ui
Shell
3
star
50

dokku.github.io

A blog for dokku
SCSS
3
star
51

dokku-orb

Python
3
star
52

docker-run-export

exports the flags passed to a `docker run` call to a variety of formats
Go
2
star
53

websocket-example

Go
2
star
54

.github

Organization Repository
Shell
2
star
55

smoke-test-app

Smoke test app for dokku test suite
Python
2
star
56

dokku-cron-restart

Shell
2
star
57

dokku-omnisci

an omnisci plugin for dokku
Shell
2
star
58

heroku-buildpack-null

A buildpack that performs no actions, for testing purposes
Shell
1
star
59

docker-image-updater

A tool to manually or automatically manage updated docker images
1
star
60

smoke-test-plugin

Smoke test plugin for dokku test suite
Go
1
star
61

github-playground

a playground to test github functionality
1
star
62

smoke-test-gradle-app

Java
1
star
63

tutorials

An mkdocs-based tutorial site
Shell
1
star
64

arch-herokuish

Mirror of AUR git repo for https://github.com/gliderlabs/herokuish
Shell
1
star
65

prop

A golang-based cli interface for manipulating config backed by various datastores
Go
1
star
66

test-app-5065

Python
1
star
67

docs

Docs site in generated html form
HTML
1
star
68

dokku-ansible

an ansible plugin for dokku
Shell
1
star