05. VMware Carvel

VMware Carvel

The ~~k14s~~ carvel toolchain.

Overview

Templating and Packaging

Common issues

The Carvel way

Personas

Sample

Templates and Packages

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx

{%- if master.get('network', {}).get('engine') == 'calico' %}
{% set calico = salt['grains.filter_by']({
    'default': master.network.calico
}, merge=salt['pillar.get']('kubernetes:master:network')) %}
{% do calico.update({
    'enabled': true,
    'calicoctl_image': calico.calicoctl.image,
    'cni_image': calico.cni.image,
}) %}

Now this is not a CoreOS os Red Hat talk…
But I did just want to call out Operators for a second because they are just such a good way of running production applications.
An Operator if you haven’t heard before is;
- A method of packaging, deploying and managing a Kubernetes Native application’s lifecycle.
- What ClusterAPI and (MachineAPI) is for Clusters, Operators are for applications.
- The Operators framework was from CoreOS who were acquired by Red Hat
- For those you who are familiar with OpenShift v4.x, you will be well familiar with Operator Lifecycle Management (OLM).
The TLDR of an Operator is a bit like;
- Taking a subject matter expert’s knowledge on a single application
- Putting that knowledge of how to install, run, upgrade, maintain, failover all into code
- Install all that knowledge into your Cluster in the form of a Kubernetes Controller
- And have an automated lifecycle at the application level.
- Because one of the biggest problems that Operations teams face when it comes it microservices,
  - In the average cluster, there are so many different microservices installed
  - you can’t be an expert in all of them
  - so outsource that to those who are.
The flipside of course, just like Helm charts, not all Operators are created equal, there are good and bad examples.
And where it gets a bit confusing if you haven’t seen these before;
- An Operator may come packaged as a Helm chart
- But mostly, You see them as the raw Kubernetes manifest.
- Red Hat has in-built support for their OperatorHub.io but there are a lot of operators not published there.
The main point I’m trying to make is;
- If the vendor has an operator for the application you are building, try that first.
That’s enough on that for today.

CNCF Landscape

Common Issues

Forking vs Overlays

Immutable Support

Secret Management

Resource Quotas and Limit Ranges

Offline Environments

Custom resource ordering

And many more…

Forking vs Overlays.

The moment you fork someone else’s maintained Helm chart, starts an insurmountable journey
- Forever chasing your tail keeping up-to-date with changes.
- The majority of Helm charts don’t even include Resource Limits, RBAC and Network Security Policies.
- This is a giant PITA.
Then people started using Overlays
- Then you find yourself in the Kustomize situation, which can be a debugging nightmare.
- Whiteboard

Immutable Support.

How many times have you seen a helm chart with a mutable image reference?
Helm charts don’t track configuration drift, even Ansible doesn’t help you here.

Secret Management.

If I see another tool that expect secrets to be in plain-text or base64 encoded format held in a git repository….

Resource Quotas and Limit Ranges.

This is considered MVP level stuff right here…

Offline Environments.

Offline environments are neglected or forgotten
If you have ever had the pleasure of trying to run OpenShift v4.x offline…

Custom resource ordering.

Helm hardcodes the order and has no concept of custom CRDs.
Just trying uninstalling something cleanly, resources pending deletion.

And there are many more issues.

VMware

Unix philosophy

Composable

Extensible

vendir

git submodules on steroids

vendir example

# vendir.yml
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
  - path: config/_ytt_lib
    contents:
      - path: demo
        git:
          url: https://github.com/salt-labs/tanzu
          ref: origin/demo
        newRootPath: demo

vendir sync

ytt

YAML Templating Tool.

Templates and Patches YAML files

YAML aware

Chunks

A day in the life of a Helm package author.

ytt example

#@data/values-schema

git:
  repo:
    url: https://github.com/hello-world

# An example of a chunk from a template file

GITOPS_REPO_URL: #@ data.values.gitops.repo.url or assert.fail("Missing GitOps repo URL!")

ytt --file example/ --file values.yaml

GITOPS_REPO_URL: https://github.com/hello-world

kbld

Automated Image Solver

kbld example

spec:
  containers:
    - name: nginx
      image: nginx:1.17 # <-- mutable tag reference (bad!)
      ports:
        - containerPort: 80

 kbld -f my-example/nginx

spec:
  containers:
    - name: nginx
      image: index.docker.io/library/nginx@sha256:2539d4344... # <-- resolved to digest form
      ports:
        - containerPort: 80

kapp

A fancy kubectl apply -f

kapp example

# Example deployment of a YTT template.
kapp -y deploy -a my-app -f <(ytt -f ./examples/simple-app-example/config-1.yml)

imgpkg

Offline environments

kapp-controller

Kubernetes Native Controller

Extras

New Tools?

Personas

Package Author

Platform Engineer

Package Consumer

Application Operators

Whiteboard: Package Author.

Whiteboard: Platform Engineer.

Whiteboard: Package Consumer.

Whiteboard: Application Operator.

Demo: Deploying a Carvel Package.

VMware Carvel

Overview

Templates and Packages

Common Issues

VMware

vendir

vendir example

ytt

ytt example

kbld

kbld example

kapp

kapp example

imgpkg

kapp-controller

Extras

Personas

Resources