Ketch
Application deployments using Ketch, Crossplane, and ArgoCD
Most developers are familiar with using Git workflows and automated processes for testing and building code. We are now seeing teams using more and more these workflows to automate all the way from the infrastructure to your application deployment, the so-called GitOps approach.
The basic idea of GitOps is to place a Git repository at the center of your application declarations and use it to manage your application’s current state and history.
Using GitOps, a developer pushes code as usual to the codebase’s repository and triggers tests and deployments. Teams declare the application details and processes declaratively. If someone wants to change what’s created or triggered, they change the application definition file and commit the change to version control following typical practices.
GitOps is growing fast in popularity where teams are exploring it to help their developers deploy their applications on Kubernetes.
The challenge many developers face with the approach is that when tied to Kubernetes, most tools take an object-level approach for deploying applications where developers have to build or maintain Helm charts, Kustomize scripts, or other similar.
This may be ok on a small scale. Still, as you increase the number of applications deployed and developers using the system, this object-level approach can create complexity for developers and increase the burden on the DevOps teams.
Thinking of that, we decided to combine Ketch with Crossplane and ArgoCD. By doing so, the application deployment model becomes more manageable with an application-centered approach, Crossplane performs drift detection, and ArgoCD is then responsible for synching changes.
Installing Required Components
Ketch
You can find detailed information on how to install Ketch here: Getting Started (theketch.io)
As a quick start, here are the steps:
Installing the Ketch CLI can be done using the command below:
curl -s https://raw.githubusercontent.com/shipa-corp/ketch/main/install.sh | bashWith the CLI installed, we can then install the cert-manager. Ketch uses Cert-manager to generate certificates for our future applications automatically:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.yaml
The next step is to install an ingress controller that Ketch can use. When deploying applications, Ketch will automatically create an endpoint for you to access your applications. For this example, we can use Istio as the ingress controller:
ISTIO_VERSION=1.9.0 && curl -L https://istio.io/downloadIstio |ISTIO_VERSION=1.9.0 sh - && cd istio-$ISTIO_VERSION && export PATH=$PWD/bin:$PATH && cd ..
istioctl install --set profile=demo
With Istio installed, we can then install cluster issuer. Here is the cluster issuer file:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: le
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: my-account-key
solvers:
- http01:
ingress:
class: istio
Save it locally with the name cluster-issuer-istio.yaml and apply it to your cluster with the command below:
kubectl apply -f cluster-issuer-istio.yamlWith all components installed, we can then install Ketch’s controller
Ketch Crossplane Provider
With Ketch in place, we can then install Crossplane and Ketch’s provider for Crossplane.
Installing Crossplane is easy, and you can do it using the following commands:
kubectl create namespace crossplane-system
helm install crossplane --namespace crossplane-system crossplane-stable/crossplane --set packageCache.sizeLimit=512Mi
This will install Crossplane in the crossplane-system namespace.
Now we can install our Ketch provider. Create a file named crossplane-provider-ketch.yaml with the following content:
apiVersion: pkg.crossplane.io/v1beta1
kind: Provider
metadata:
name: provider-ketch
spec:
package:"shipasoftware/provider-ketch:0.0.1"
Once saved, apply it with:
kubectl apply -f crossplane-provider-ketch.yaml
In a few seconds, you will see a new pod for the Ketch provider coming up in the crossplane-system namespace:
kubectl get pods -n crossplane-system
NAME READY STATUS RESTARTS AGE
crossplane-76f4dcf6b-54vkg 1/1 Running 0 72m
crossplane-rbac-manager-7c6ff4fd6f-tnr79 1/1 Running 0 72m
provider-ketch-a52eded47e94-d97bfcf74-q5b56 1/1 Running 0 71m
ArgoCD
You can follow steps 1 to 4 from the ArgoCD documentation to install and access your ArgoCD install. You can find it here: Getting Started – Argo CD – Declarative GitOps CD for Kubernetes (argoproj.github.io)
Deploying an Application
With Ketch, Crossplane, and ArgoCD installed, we can now deploy a sample application.
For Ketch to deploy applications, we first need to create a framework. Frameworks in Ketch translate to a namespace in your cluster, and when deploying applications targeting that framework, they will be deployed to the created namespace.
You can create a framework by running the command below:
ketch framework add dev --ingress-service-endpoint 104.155.134.17 --ingress-type istioAs you can see from the command above, you will need to enter Istio’s ingress external IP. Ketch requires that because it automatically creates an endpoint for your application during deployment. You can find your Istio’s external IP by running the following command:
kubectl get services -n istio-systemNow, you can create an application in ArgoCD to be deployed. Once in the ArgoCD dashboard, assuming you already have your repository configured in ArgoCD, click on NEW APP:
You can find the sample application source code used above here: ketch-gitops-sample/podinfo at main · brunoa19/ketch-gitops-sample (github.com)
Once you click on CREATE, ArgoCD will automatically sync and create the app using Ketch. You can see the status of the deployment and the endpoint to access your application by using the ketch app list command:
Accessing the endpoint created by Shipa, we can see our application running:
If we look at the application definition, we see that it becomes a lot easier for developers to deploy their applications without having to create and maintain extensive Helm charts, Kustomize scripts, and more:
Conclusion
Because Ketch is also linked to Crossplane through its provider, if you manually delete the application using the ketch app remove command, you will see that the application will be recreated in a few seconds.
That’s it! You now have a much easier GitOps model to give your developers!